This document discusses security options for branch locations that have different needs than corporate headquarters. It notes that a one-size-fits-all approach does not work well due to variations in factors like employee count, sites, bandwidth needs, applications, IT staffing, and budgets across locations. It presents three main options: hardware firewalls at each branch, virtualized firewalls running on SD-WAN edge devices, and using Palo Alto Networks' GlobalProtect cloud service. For each option, it outlines considerations around deployment, administration, use cases, and key advantages and limitations. It concludes by listing several important questions to evaluate for determining the best branch security approach, such as location characteristics and networking configuration.