PAN-OS
Futureproof your network security
PAN-OS
Futureproof your network security
Simple Identity. Cost-effective Decryption. Expand Programmability and Hyperscale Virtualization.The latest innovations in PAN-OS tailored for the hybrid cloud world.


What’s new in PAN-OS

Identify application traffic
App-ID
  • Identify application traffic

    App-ID™ is a patented traffic classification technology that determines an application's identity irrespective of port, protocol, TLS/SSL/SSH encryption, or any other evasive tactic the application may use.

    Learn more
  • Cloud App-ID technology leverages the power of our global community to provide continuous discovery, categorization, and control of new and emerging SaaS applications

    Learn more
  • Policy Optimizer, a built-in feature within PAN-OS®, enables safe migration of legacy port-based rules to App-ID-based rules, giving you a rule set that is more secure and easier to manage.

    Learn more

Identity

Consistently authenticate and authorize your users

With User-ID™, policy follows your users no matter where they go and whichever device they use. In addition, Cloud Identity Engine simplifies user identity and authentication.

Read Cloud Identity Engine Solution Brief
Consistently authenticate and authorize your users
  • Safe enablement of applications

    Define policies that safely enable applications based on users, strengthen security policies and reduce incident response time.

  • Cloud Identity Engine

    Simplify Zero Trust with easy-to-deploy user identity and access across all locations.

  • Credential phishing prevention

    Protect users from phishing attacks and block submission of credentials to malicious web pages. Enforce MFA to stop attackers from using stolen credentials to move laterally in your network.

  • Automated responses that follow users

    Provide auto-remediation for anomalous user behavior and malicious activity with Dynamic User Groups.

Read Cloud Identity Engine Solution Brief

Comprehensive visibility
Device-ID
  • Comprehensive visibility

    Get visibility into devices and device details directly in the logs, while also being able to track devices as they move through the network.

    Learn more
  • Device-ID™ enables administrators to apply consistent policy control and threat prevention to a device no matter where it moves within the network or what it’s IP address is at any given time.

    Learn more
  • Restrict devices to known good behavior, block outdated OS devices on the network, trace threats back to individual devices, and use "device" as a dimension in other policy types.

    Learn more

Content-ID

Complete analysis of content traversing your network

Comprehensive visibility and control

Content-ID combines a real-time threat prevention engine with admin-defined policies to inspect and control content on the firewall.

Complete network protection

Block vulnerability exploits, buffer overflows, and port scans as well as protect against attackers’ evasion methods.

Improve Next-Generation Firewall Performance

Content-ID enables comprehensive threat protection in a single scan of network traffic, optimizing your NGFW performance.

Single-Pass Architecture

Integrated, prevention-oriented security

Single-Pass Parallel Processing (SP3) Architecture enables high-throughput, low-latency network security and scalability.

Learn more
Integrated, prevention-oriented security
  • Management made easy

    Simplify your security management through fewer consoles and functional gaps.

  • Scan it all. Scan it once.

    Manage all aspects of threat prevention from a security policy.

  • Flexibility without compromise

    Quickly enable new features without incurring more performance overhead or delaying business productivity.

Learn more

TLS and SSL Decryption

Without decryption, organizations are vulnerable
Read the white paper

Comprehensive visibility and control

Content-ID combines a real-time threat prevention engine with admin-defined policies to inspect and control content on the firewall.

Complete network protection

Block vulnerability exploits, buffer overflows, and port scans as well as protect against attackers’ evasion methods.

Improve Next-Generation Firewall Performance

Content-ID enables comprehensive threat protection in a single scan of network traffic, optimizing your NGFW performance.