June 28, 2019

Via EDGAR and Overnight Delivery

U.S. Securities and Exchange Commission

Division of Corporation Finance

100 F Street, N.E.

Washington, D.C. 20549-3720

Ladies and Gentlemen:

Palo Alto Networks, Inc. (the “Company”), submits this letter in response to comments from the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) received by letter dated June 14, 2019, relating to the above referenced filings.

In this letter, we have recited the comments from the Staff in italicized, bold type and have followed the comment with the Company’s response.

Form 10-Q for the Quarterly Period Ended April 30, 2019, Revenue Recognition, page 12

Response:

In connection with its implementation of ASC 606, the Company advises the Staff that it evaluated whether the physical or virtual firewall appliances and support services constitute distinct performance obligations under ASC 606-10-25-21. Based on this evaluation, the Company concluded that the physical or virtual firewalls (referred to herein as “Next-Generation Firewalls”) are distinct in the context of the contract from the support services, and as such should be accounted for as separate performance obligations. The Next-Generation Firewalls are not highly interdependent or interrelated with the support services. The customer substantially benefits from the built-in security features of the Next-Generation Firewalls even without the optional support services.

The Company evaluated the guidance in ASC 606-10-25-21 to determine whether the Next-Generation Firewalls are distinct in the context of the contract from the support services through an evaluation of the specific functionalities and capabilities of the Next-Generation Firewalls. The Company’s Next-Generation Firewalls deliver a broad set of built-in networking and security features which include App-ID, User-ID, site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service (“QoS”). The Next-Generation Firewalls networking features include dynamic routing, switching, high availability, and VPN support, which enables deployment into a broad range of networking environments. The Next-Generation Firewalls security features include attack protection capabilities, such as blocking invalid or malformed packets, IP defragmentation, Transmission Control Protocol (“TCP”) reassembly, and network traffic normalization. These specific functionalities and capabilities are built into the Next-Generation Firewalls, do not diminish in a short period of time and do not require frequent, critical updates during the contractual period to maintain full functionality.

The Company evaluated ASC 606-10-25-21, which states the following: “In assessing whether an entity’s promises to transfer goods or services to the customer are separately identifiable in accordance with paragraph 606-10-25-19(b), the objective is to determine whether the nature of the promise, within the context of the contract, is to transfer each of those goods or services individually or, instead, to transfer a combined item or items to which the promised goods or services are inputs. Factors that indicate that two or more promises to transfer goods or services to a customer are not separately identifiable include, but are not limited to, the following:

The Company determined 606-10-25-21(a) and (b) are not met as the Company does not provide a significant service of integrating the Next-Generation Firewalls and support services into a combined unit, and the support services do not modify or customize the Next-Generation Firewalls.

The Company further evaluated 606-10-25-21(c) to determine whether the Next-Generation Firewalls and support services are highly interdependent or highly interrelated, as follows:

The Company also considered Example 10, Case C included in ASC 606-10-55-140D through 140F. The example illustrates a scenario where the provision of support (referred to as updates in the example) is integral to the customer’s ability to derive or maintain benefit from the software license, such that the entity cannot fulfill its combined promise without providing both items. In applying the separately identifiable principle, the example also highlights the notion of utility and how the promised update is critical to maintain the intended use and benefit of the software license. The Company believes this example is not applicable to the Company’s Next-Generation Firewalls as the Next-Generation Firewalls have significant standalone functionalities and capabilities as discussed above that will continue to provide utility to the customer even without the support services. The support upgrades and updates in the Company’s contract are not necessary to ensure that the Next-Generation Firewalls without any support services maintain a high level of utility to the customer during the contract period. This is evidenced by the infrequency of the upgrades and updates (every ten to thirteen months), many customers not using the most recent/updated version of the software and a limited number of customers buying the Next-Generation Firewalls without any support services. For those reasons, the Company’s Next-Generation Firewalls and support services offering is more analogous to Example 11A in ASC 606-10-55-143.

In addition to the support services described above, the Company also offers a variety of subscriptions that provide customers with real-time access to the latest intrusion prevention, web filtering, and modern malware prevention capabilities across the network, endpoints, and the cloud. Subscriptions can be purchased at the customer’s discretion, either with or without the Next-Generation Firewalls. Subscriptions are not highly interdependent or interrelated with the Next-Generation Firewalls because the Company would be able to fulfill its promise to deliver the full functionalities of the Next-Generation Firewalls even if the customer did not purchase any subscriptions. If these optional subscriptions are purchased, they do not modify or customize the functionality of the Next-Generation Firewalls.

The Company will expand its disclosures in its annual report on Form 10-K for the fiscal year ending July 31, 2019 as follows (changes are italicized and only paragraphs with the proposed changes are included below):

Product revenue is derived primarily from sales of our appliances. Product revenue also includes revenue derived from software licenses of Panorama and the VM-Series. We recognize product revenue at the time of hardware shipment or delivery of software license. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities.

The majority of our contracts with our customers include various combinations of our products and subscriptions and support. Our appliances and software licenses have significant standalone functionalities and capabilities. Accordingly, these appliances and software licenses are distinct from the subscriptions and support services as the customer can benefit from the product without the services and the services are separately identifiable within the contract. We account for multiple agreements with a single customer as a single contract if the contractual terms and/or substance of those agreements indicate that they may be so closely related that they are, in effect, parts of a single contract. The amount of consideration we expect to receive in exchange for delivering on the contract is allocated to each performance obligation based on its relative standalone selling price. If a contract contains a single performance obligation, no allocation is required.

* * * * *

Please contact me with any questions or comments regarding the Company’s responses at (408) 638-3383. Thank you for your assistance.

Jeffrey C. True, Esq.

Palo Alto Networks, Inc.

Jeffrey D. Saper, Esq.

Jose F. Macias, Esq.

Wilson Sonsini Goodrich & Rosati, P.C.

David Cabral

Ernst & Young LLP