New Innovations in PAN-OS 9.1: SD-WAN and More

Dec 05, 2019
4 minutes
... views

At Palo Alto Networks, we have always believed in bringing integrated innovations to market with our Next-Generation Firewall. I consistently hear from customers that they love our platform because of the simplicity it offers, reducing the chance of error the leading cause of network breaches. The result is stronger security for their organizations. PAN-OS 9.1, the latest release of the software that powers our Next-Generation Firewalls, continues that tradition. 

PAN-OS 9.1 will help our customers securely connect to their branch offices, apply contextual security policy to users, and provide better visibility into mobile users connecting to the network. Three major new features of this release include: 

  • SD-WAN for comprehensive branch security.
  • Dynamic User Groups to apply contextual security based on user risk or other business needs.
  • Vast improvements in GlobalProtect to give administrators complete visibility into their mobile users’ deployments.

 

SD-WAN for Comprehensive Branch Security

Software-defined wide area networking (SD-WAN) has transformed the way distributed enterprises do business. However, while SD-WAN comes with many benefits, it also brings many challenges, such as degraded or bolted-on security, unforeseen deployment complexity and unpredictable performance. PAN-OS already performs the most difficult networking and security functions required for secure SD-WAN – such as application identification and the ability to protect against a broad array of threat vectors. PAN-OS 9.1 adds the SD-WAN capabilities your business needs, including path metrics (latency, jitter, loss) monitoring, app-based path selection and dynamic path updates.

With this addition, Palo Alto Networks is changing the game to deliver a secure SD-WAN solution. SD-WAN is now available in PAN-OS, so you don’t have to compromise on security when connecting your branch offices. Consuming SD-WAN is simple: You can either get it as a service with Prisma Access or simply enable it on our Next-Generation Firewalls.

 

Dynamic User Groups to Apply Security Based on User Info in the IT Environment

The Next-Generation Firewall from Palo Alto Networks with User-ID has traditionally allowed an admin to enable access control based on information from the user directory. User-based access control is a powerful mechanism to limit access only to those users who need it, but there are two main challenges with this approach that we’re solving in PAN-OS 9.1. First, what happens if the risk profile of the user changes and/or the user’s credentials are compromised? Should you still grant the user the same level of access simply based on the user’s role in the directory? Second, what if you need to provide temporary access to some users for a time-bound project? Waiting for directory admins to make the necessary changes to the user directory is not a very agile way to respond to these business needs. 

Dynamic User Groups (DUGs) solve these challenges by allowing an admin to change a user’s group membership on the fly on the Next-Generation Firewall, without waiting for changes to be applied in the directory. Now our customers can dynamically change user access based on changes in circumstances, whether the change is due to new indicators of compromise for the user received from Cortex XDR or a third-party system, or due to a business need like granting temporary access to a set of users.

 

GlobalProtect Enhancements for More Visibility into Mobile Users

We’ve been securing mobile users for a long time with GlobalProtect, and we’re excited about some great visibility and troubleshooting improvements included in PAN-OS 9.1. There are a lot of pieces that need to work together when a mobile user connects into GlobalProtect, including some that are out of the control of the NGFW administrator. 

Our goal was to give NGFW administrators the visibility and insight they need to fully understand what’s happening with their GlobalProtect users and deployment. They can then use these granular details to quickly troubleshoot and resolve when users encounter a connection failure. Our latest enhancements now offer visibility into any connectivity or access issues your users may be experiencing. This will enable you to proactively address issues before they escalate.

Learn about these latest and greatest features and how you can apply them to your day-to-day activities to enhance your organization’s security and simplify manual, tedious work. Watch our webinar: “What’s New in PAN-OS 9.1 – SD-WAN and More.”


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.