App-ID™ technology identifies the applications traversing your network so you can safely enable desired applications and block unwanted ones. With PAN-OS 8.1, it’s easier to move to and maintain an application-based security policy. New features include:
Application filter to allow new App-IDs – Temporarily allow new apps, so you can be sure newly released apps will not accidentally block traffic you intended to allow. That gives you time to perform a review of your policy and make updates.
Better tools to assess the effect of App-IDs – Get insight into newly categorized application activity and the effect of the new App-IDs on your traffic.
Rule usage tracker to eliminate security risks – Remove unused security rules by understanding when a rule was last hit, which eliminates holes that create security risks.
SaaS applications host sensitive data, and IT needs to ensure that data is stored in secure and compliant SaaS services. With the new SaaS application characteristics in App-ID, you can reduce risk based on hosting characteristics of SaaS applications. You can view detailed risk profile and usage statistics for the applications on your network; quickly identify and explore risky applications to determine which you should allow in your environment; and prevent future violations by enabling granular policy control.
The next-generation firewall Decryption Broker, an innovation introduced with PAN-OS 8.1, overcomes the challenges of supporting devices that complement next-generation firewalls. Now you can decrypt once and share decrypted traffic with other devices easily. All complementary devices are inline, enabling enforcement on each device and maximizing security. The Decryption Broker is a natural extension to decryption on the next-generation firewall, simplifying the management and troubleshooting of the solution.
The new PA-3200 Series appliances deliver up to 5x performance increase, up to 7x decryption performance increase, up to 20x decryption session capacity increase compared to existing hardware for the internet edge, and 1G/10G/40G interfaces for flexible connectivity options.
The new PA-220R ruggedized next-generation firewall brings you the same PAN-OS features that protect your largest data centers; offers an extended temperature range; and is certified to IEEE 1613 and IEC 61850-3 standards for vibration, temperature and immunity to electromagnetic interference. It provides interactive visibility and control of industrial protocols and applications, such as Modbus, DNP3, IEC 60870-5-104, Siemens S7, OSIsoft PI® and more.
The PA-5280, the latest addition to the PA-5200 Series appliances, prevents threats and safely enables applications in mobile network environments and large enterprise data centers. The PA-5280 offers security at throughput speeds of up to 68 Gbps and session capacity of up to 64 million.
Panorama™ management 8.1 includes new features that provide even greater efficiency for teams managing physical and virtual appliances running PAN-OS. Using variables in templates, you can now leverage common configurations across many devices while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more.
With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls. Trending of critical system resources up to 90 days helps you identify gradual changes in your environment. Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know. And new M-600 and M-200 appliances deliver high-performance management.
PAN-OS 8.1 enables you to deploy Panorama on public clouds. Its distributed architecture allows you to scale Panorama using the concept of modes, namely Panorama, Management Only or Log Collector. The choice of on-premise, private and public cloud environments provides maximum deployment flexibility. You can also use Panorama in conjunction with Palo Alto Networks® Strata Logging Service (formerly known as Cortex Data Lake).