{"id":104208,"date":"2019-12-05T06:00:32","date_gmt":"2019-12-05T14:00:32","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=104208"},"modified":"2019-12-04T21:37:31","modified_gmt":"2019-12-05T05:37:31","slug":"network-pan-os-9-1","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2019\/12\/network-pan-os-9-1\/","title":{"rendered":"New Innovations in PAN-OS 9.1: SD-WAN and More"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">At Palo Alto Networks, we have always believed in bringing integrated innovations to market with our Next-Generation Firewall. I consistently hear from customers that they love our platform because of the simplicity it offers, reducing the chance of error <\/span><span style=\"font-weight: 400;\">\u2013<\/span><span style=\"font-weight: 400;\"> the leading cause of network breaches. The result is stronger security for their organizations. <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/new\/new-panos9-1\"><span style=\"font-weight: 400;\">PAN-OS 9.1<\/span><\/a><span style=\"font-weight: 400;\">, the latest release of the software that powers our Next-Generation Firewalls, continues that tradition.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">PAN-OS 9.1 will help our customers securely connect to their branch offices, apply contextual security policy to users, and provide better visibility into mobile users connecting to the network. Three major new features of this release include:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">SD-WAN for comprehensive branch security.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Dynamic User Groups to apply contextual security based on user risk or other business needs.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Vast improvements in GlobalProtect to give administrators complete visibility into their mobile users\u2019 deployments.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>SD-WAN for Comprehensive Branch Security<\/b><\/p>\n<p><a href=\"https:\/\/www.securityroundtable.org\/sd-wan-an-explainer-for-cxo\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">Software-defined wide area networking (SD-WAN)<\/span><\/a><span style=\"font-weight: 400;\"> has transformed the way distributed enterprises do business. However, while SD-WAN comes with many benefits, it also brings many challenges, such as degraded or bolted-on security, unforeseen deployment complexity and unpredictable performance. PAN-OS already performs the most difficult networking and security functions required for secure SD-WAN \u2013 such as application identification and the ability to protect against a broad array of threat vectors. PAN-OS 9.1 adds the SD-WAN capabilities your business needs, including path metrics (latency, jitter, loss) monitoring, app-based path selection and dynamic path updates.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With this addition, Palo Alto Networks is changing the game to deliver a secure <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/network-security\/sd-wan\"><span style=\"font-weight: 400;\">SD-WAN solution<\/span><\/a><span style=\"font-weight: 400;\">. SD-WAN is now available in PAN-OS, so you don\u2019t have to compromise on security when connecting your branch offices. Consuming SD-WAN is simple: You can either get it as a service with <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/access\"><span style=\"font-weight: 400;\">Prisma Access<\/span><\/a><span style=\"font-weight: 400;\"> or simply enable it on our <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/network-security\/next-generation-firewall\"><span style=\"font-weight: 400;\">Next-Generation Firewalls<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Dynamic User Groups to Apply Security Based on User Info in the IT Environment <\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Next-Generation Firewall from Palo Alto Networks with User-ID has traditionally allowed an admin to enable access control based on information from the user directory. User-based access control is a powerful mechanism to limit access only to those users who need it, but there are two main challenges with this approach that we\u2019re solving in PAN-OS 9.1. First, what happens if the risk profile of the user changes and\/or the user\u2019s credentials are compromised? Should you still grant the user the same level of access simply based on the user\u2019s role in the directory? Second, what if you need to provide temporary access to some users for a time-bound project? Waiting for directory admins to make the necessary changes to the user directory is not a very agile way to respond to these business needs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Dynamic User Groups (DUGs) solve these challenges by allowing an admin to change <\/span><span style=\"font-weight: 400;\">a user\u2019s group membership on the fly on the Next-Generation Firewall, without waiting for changes to be applied in the directory. <\/span><span style=\"font-weight: 400;\">Now our customers can dynamically change user access based on changes in circumstances, whether the change is due to new indicators of compromise for the user received from <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xdr\"><span style=\"font-weight: 400;\">Cortex XDR<\/span><\/a><span style=\"font-weight: 400;\"> or a third-party system, or due to a business need like granting temporary access to a set of users.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>GlobalProtect Enhancements for More Visibility into Mobile Users<\/b><\/p>\n<p><span style=\"font-weight: 400;\">We\u2019ve been securing mobile users for a long time with <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/globalprotect\"><span style=\"font-weight: 400;\">GlobalProtect<\/span><\/a><span style=\"font-weight: 400;\">, and we\u2019re excited about some great visibility and troubleshooting improvements included in PAN-OS 9.1. There are a lot of pieces that need to work together when a mobile user connects into GlobalProtect, including some that are out of the control of the NGFW administrator.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our goal was to give NGFW administrators the visibility and insight they need to fully understand what\u2019s happening with their GlobalProtect users and deployment. They can then use these granular details to quickly troubleshoot and resolve when users encounter a connection failure. Our latest enhancements now offer visibility into any connectivity or access issues your users may be experiencing. This will enable you to proactively address issues before they escalate.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn about these latest and greatest features and how you can apply them to your day-to-day activities to enhance your organization\u2019s security and simplify manual, tedious work. Watch our webinar: \u201c<\/span><a href=\"https:\/\/event.on24.com\/wcc\/r\/2134417\/B0F3CD67A1E777E0853D49A4262803E8?partnerref=Social\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">What\u2019s New in PAN-OS 9.1 \u2013 SD-WAN and More<\/span><\/a><span style=\"font-weight: 400;\">.\u201d<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our latest innovations in PAN-OS 9.1 include SD-WAN for comprehensive branch security, Dynamic User Groups and vast improvements in GlobalProtect.<\/p>\n","protected":false},"author":630,"featured_media":103590,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308,6765],"tags":[6951,6888,6953,1815,6954,6952,6950],"coauthors":[6728],"class_list":["post-104208","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-secure-the-enterprise","tag-branch-cloud-transformation","tag-branch-security","tag-edge-infrastructure","tag-firewall","tag-mpls-replacement","tag-network-transformation","tag-secure-sd-wan"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2019\/11\/SD-WAN-Image.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/630"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=104208"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104208\/revisions"}],"predecessor-version":[{"id":104212,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104208\/revisions\/104212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/103590"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=104208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=104208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=104208"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=104208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}