With this release, Palo Alto Networks introduces features that implement SD-WAN functionality, streamline application-based policy creation and dependency workflows, enable automatic Panorama connection recovery, provide dynamic tagging to add users to groups, enhance GlobalProtect logging, and provide more options for our VM-Series firewalls. Highlights include:
SD-WAN—PAN-OS software now includes a native SD-WAN solution to provide intelligent and dynamic path selection on top of the industry-leading security that PAN-OS software already delivers. Managed by Panorama, our SD-WAN implementation includes centralized configuration management, automatic VPN topology creation, traffic distribution, and monitoring and troubleshooting.
Streamlined Application-Based Policy—Safely enable broad sets of applications with common attributes using a single policy rule (for example, you can safely enable broad access to web-based applications or to all enterprise VoIP applications). This minimizes errors, helps you to create policies that automatically update to handle newly released applications, and simplifies the transition toward an App-ID based rule set using Policy Optimizer.
Simplified Application Dependency Workflows—Simplified workflows to find and manage application dependencies allow you to see application dependencies when you create a new Security policy rule and when performing Commits. When a policy does not include all application dependencies, you can directly access the associated Security policy rule to add the required applications.
Automatic Panorama Connection Recovery—After you use Panorama to push configuration changes to managed firewalls, the firewalls check for connectivity to Panorama. If a firewall is unable to communicate with Panorama, that firewall automatically reverts to the last running configuration.
Dynamic User Groups—Use tags to dynamically add users to groups and to automate security, decryption, and authentication actions for group members based on potential threats or user behavior (such as browsing to a restricted site).
Include Username in HTTP Headers—Simplifies how to identify users who are accessing your network through secondary security appliances that are connected to your Palo Alto Networks firewall. Configure your firewall to include the username in the HTTP header so that other security appliances in your network can identify the user without additional infrastructure (such as proxies used to insert the username).
Enhanced Logging for GlobalProtect—Provides logging enhancements to help you monitor and troubleshoot issues with your GlobalProtect deployment, including activity charts and graphs on ACC, a new log type for easy viewing of any GlobalProtect events, log forwarding, and custom reports.
More Integrations and Support for the VM-Series Firewalls—VMware NSX-T integration provides comprehensive visibility and safe application enablement of all east-west traffic in your NSX-T deployment. You now also have performance improvements with support for DPDK on VM-Series firewalls on AWS, Azure, and Cisco ENCS.
For a complete description of the new features and instructions for how to use them, refer to the PAN-OS 9.1 New Features Guide. For associated software and content releases, changes in default behavior, and other release information, refer to the PAN-OS 9.1 Release Notes.