The much anticipated PAN-OS 6.1 is finally here and with it, many new topics to read that describe new features and functionality. Here are some recommendations, hand-picked by the Technical Publications team, to add to your reading list.
New Feature Documentation
Local Signature Generation Support for WF-500 Appliances
The WF-500 appliance can now generate signatures locally, eliminating the need to send any data to the public cloud in order to block malicious content. For more information, see Signature/URL Generation on a WF-500 Appliance.
Per App VPN for GlobalProtect
Leveraging the GlobalProtect Mobile Security Manager App Store feature introduced in GlobalProtect Mobile Security Manager 6.1, the GlobalProtect app for iOS now supports Per App VPN. With Per App VPN, GlobalProtect can route all managed business apps through your corporate VPN, while allowing personal apps direct access to the Internet. For business apps with Per App VPN enabled, if the business app is unable to connect to the corporate VPN, the app will be unavailable to the user and will not send traffic until the secure connection is established. Users will still have access to their unmanaged apps, giving them the freedom to user their devices for personal use while protecting your critical business traffic. For more information, see Isolate Business Traffic.
Use Case: VM-Series Firewalls as GlobalProtect Gateways in AWS
If your users are more physically distributed than the supporting network infrastructure, GlobalProtect gateways in AWS remove the barriers to providing consistent security for all your users. The VM-Series firewall in AWS melds the security and IT logistics required to consistently and reliably protect devices used by mobile users in regions where you do not have a presence. By deploying the VM-Series firewall in the AWS cloud you can quickly and easily deploy GlobalProtect gateways around the world, and extend the corporate acceptable use policy to protect mobile users from threats and risky applications. For more information on how to deploy this solution, see Use Case: VM-Series Firewalls as GlobalProtect Gateways in AWS!
The firewall can now use Link Aggregation Control Protocol (LACP) to manage the interfaces in an aggregate group. Enabling LACP improves device and network availability by providing redundancy within aggregate groups and automating interface failure detection. For more information, see LACP.
Session End Reason Logging Support
Traffic logs now include a session end reason field to help troubleshoot connectivity and application availability issues in firewall traffic. For more information, see Session End Reason Logging.
New Documentation on Existing Features
In addition to new feature documentation, we’ve also expanded the depth of information about the following features.
Virtual systems are separate, logical firewall instances within a Palo Alto Networks firewall, which provide segmented administration and scalability of a firewall, along with reduced capital and operational expenses. For more information about benefits, use cases, and configuration of virtual systems, external zones, and shared gateways, see Virtual Systems.
Session Settings and Timeouts
This new topic describes settings and timers for TCP, UDP, and ICMPv6 sessions, in addition to IPv6, NAT64, jumbo frame size, MTU, accelerated aging, and captive portal authentication settings. For more information, see Session Settings and Timeouts.
This new topic describes the Dynamic Host Configuration Protocol and how to configure interfaces on the firewall to act as a DHCP server, client, or relay agent. DHCP provides network addresses along with TCP/IP and link-layer configuration parameters to dynamically configured hosts. For more information, see DHCP.
This new topic describes source and destination Network Address Translation, NAT rule capacities, and the ability to configure Dynamic IP and Port NAT oversubscription. For more information, see NAT.
Want More PAN-OS 6.1 Documentation?
Your friendly Technical Publications team