Pan-OS is the software that runs all Palo Alto Networks next-generation firewalls. It harnesses essential technologies like App-ID, Content-ID, Device-ID, and User-ID, providing comprehensive visibility and control over applications used by all users and devices, regardless of their location. Through inline machine learning and automatic updates of application and threat signatures, your firewall stays up-to-date with the latest threat intelligence, ensuring that permitted traffic is safe from both known and unknown threats

PAN-OS 11.1 Cosmos leverages cloud-based ML detection engines for artificial intelligence (AI) and deep learning techniques to extend and improve your security posture.

Here is a breakdown of the latest features and improvements

Security improvements: 

• Quantum-resistant VPN tunnels 

• Advanced WildFire Inline Cloud Analysis, now operates a series of cloud-based ML detection engines that provide inline analysis of PE (portable executable) files traversing your network to detect and prevent advanced malware in real-time. 

New hardware: 

• PA-415-5G adds a 5G-capable appliance to the PA-400 Series firewall lineup. 

• PA-455 a new mid-range appliance to the PA-400 Series firewall lineup. 
• PA-450R new rugged firewall appliance that upgrades the PA-220R firewall. 
• PA-5445 the highest performance fixed form-factor model. 
• PA-7500 a new modular chassis that upgrades the PA-7000 Series firewall. 

General enhancements: 

• Improved Throughput with Lockless QoS for PA-3410, PA-3420, PA-3430, PA-3440, PA-5410, PA-5420, PA-5430, PA-5440, and PA-5445 
• Zone protection adds reconnaissance protection for IP protocols scans. 
• TLSv1.3 support for GlobalProtect and management access. 
• Configuration audit is enhanced with more details when comparing to configuration versions. 

• Encryption of API keys is available using self-signed certificates 
• Policy Rulebases management using TAG browser instead of group by TAGS. 
• SCP support to upload supported packages to update the firewall. 

IOT security gets 2 enhancements: 

• Device-ID Visibility and Policy Rule Recommendations in PAN-OS. PAN-OS administrators can view these recommendations in the PAN-OS 11.1 web interface, select the ones they want their firewalls to apply, and import them into the Security policy rule base. 

 

• SNMP Network Discovery for IoT Security results in IP address-to-MAC address bindings and additional network data by using SNMP to query switches and other forwarding devices throughout the network. 

 

• PA-450R designed for industrial, commercial, and government deployments. The hardware is suited for installation in harsh environments with extreme temperatures and high humidity levels. 

 

SD-WAN new features: 

• IKEv2 certificate authentication support for stronger authentication. 
• Public cloud SD-wan high availability, configure up to 4 IP addresses to minimize downtime and ensure session survivability using HA Active/Passive in public cloud. 

 

Virtualization Improvements: 

• Supports ARM based instances on AWS Graviton 2 and KVM 
• Link Aggregation for VM-Series Firewall for private cloud 
• Cortex Datalake logging for CN-series 

• IOT security for CN-series firewalls 
• Dynamic routing in CN-series HSF 

 

Panorama: 

Increased number of management firewalls for the virtual Panorama in management only mode, up to 5000 managed devices. 

Added some no template variables for IPv6. 

 

Excited to know more? discover it here

Contact us if you want more information about Palo Alto’s new features or further details on the new hardware. Send us an email at info@jarviss.be

Author: Kevin Thys