HPE bolsters hybrid mesh firewall platform
HPE expands its hybrid mesh firewall platform with AI visibility controls, keyword filtering for AI tools, and the new SRX440 appliance. Announced at RSAC 2026, all features ship in Q2.
HPE has expanded its hybrid mesh firewall lineup with new AI-focused security controls and a new hardware model, the SRX440. Announced at RSAC 2026, the updates are built into Junos OS and apply across HPE Juniper Networking SRX firewalls.
What changed
The new features give enterprises visibility into AI application usage across their networks. Administrators can now restrict access to high-risk AI websites, filter keywords in AI interactions, and control file uploads to AI tools. These controls work across physical, virtual, and containerized firewall deployments.
HPE is also bringing carrier-grade security features from its larger SRX platforms down to the new SRX400 series, aimed at branch offices and campus environments. The SRX440 and all new AI controls ship in Q2 2026.
Management gets smarter
HPE Juniper Networking Security Director, the centralized management platform, now includes an enhanced chatbot. Operators can query it in natural language to provision firewalls for cloud deployments, import and translate policies from other vendors, identify unused rules, and create access policies based on roles, locations, and schedules.
That is a meaningful step. Policy management across distributed firewall deployments is one of the hardest operational problems in enterprise security.
WAFplanet take
Hybrid mesh firewalls sit at the intersection of network firewalls and web application firewalls. They are not WAFs in the traditional sense, but they increasingly overlap with WAF territory as enterprises look for unified policy enforcement across all layers.
For organizations already using cloud WAFs like Cloudflare, AWS WAF, or Imperva, the question is whether your network firewall and application firewall policies are aligned. HPE is betting that a single management plane for both is the answer. Competitors like F5 and Fortinet (FortiWeb) are making similar moves.
The AI visibility controls are practical. Shadow AI usage is a real problem, and blocking it at the firewall level is more reliable than hoping users follow policy. Whether you enforce it at the WAF layer with Radware or Prisma Cloud WAAS, or at the network firewall level with something like the SRX, the point is the same: you need a control plane for AI traffic.
