Which one is better between cortex XDR host firewall and windows firewall ?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Which one is better between cortex XDR host firewall and windows firewall ?

L2 Linker

Hi All,


Is it a good idea to enable the XDR host firewall to manage all endpoint communication? or is it better to keep the default windows firewall enabled without using the XDR firewall?


I would be happier if someone suggests any article/documentation links which show a comparison between the XDR firewall and windows firewall in terms of features.


As per my understanding, the XDR firewall is better than the windows firewall but managing firewall rules is a bit difficult as it doesn't come with any default rules like the windows firewall. Please correct me if I'm wrong.

what would be the best approach to tackling this situation?


Thanks in Advance!!


Cortex XDR 



hi @trevor_debeer ,


The query was associated for comparison between XDR agent host firewall or the Windows native firewall. As per the accepted solution, it implies that Cortex XDR gives you one fold and single management location for hardening your endpoint network layer security for both Windows and macOS endpoints. Managing via GPOs is definitely a big challenge and the accepted solution just gave a reference whether it is easy and completely doable based on AD objects.  For linux based host firewall, we have another product in our cloud security line, Prisma Cloud, which gives you that capability for linux boxes. Hope that answers your query.




On your query about Linux endpoints based host firewall, we do not have the feature to perform host firewall for linux as linux protection works on IPtables. Not sure if it is currently in the roadmap of not.  However, you can definitely run commands to take live terminal or run endpoint scripts to manage/create iptable rules on the linux endpoints using cortex xdr. 

L3 Networker

@trevor_debeer , in addition to NeelRohit answer, XDR is supporting endpoint isolation on Linux hosts which using iptables. XDR is capable to manage iptables but currently not supporting managing rule sets via XDR management console. 

Many thanks for this answer - it certainly clarifies or me how one would implement a comprehensive security strategy using the Palo Alto product set. I will definitely be looking at implementing Prisma for the network segmentation requirements and Cortex XDR for real-time operational security. The combination of both products will certainly meet our needs to provide all the functionality we currently use Trend Deep Security for.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!