Enable Advanced IP Defense (PAN-OS 12.2 and Later)

Configure Advanced IP Defense on your firewall to enable real-time IP address inspection and enforcement based on IP attributes and direct-to-IP detection.
Where Can I Use This?
  • PAN-OS 12.2 and later
  • Panorama
What Do I Need?
  • Advanced IP Defense license
  • Network connectivity to Advanced IP Defense cloud service
  • Admin access to firewall or Panorama
Advanced IP Defense provides real-time IP address inspection and enforcement to protect against threats that bypass traditional DNS and URL-based controls. By enabling Advanced IP Defense, you can enforce policies based on over 40 dynamic IP attributes and detect direct-to-IP connections that indicate potential malware or data exfiltration attempts.
  1. Log in to your firewall or Panorama.
    Use your admin credentials to access the web interface.
  2. Verify that you have an active Advanced IP Defense license.
    Select Device > Licenses and verify that the Advanced IP Defense license is available and has not expired.
  3. Create or update an Advanced IP Defense profile.
    Select Objects > Security Profiles > Advanced IP Defense and click Add to create a new profile or select an existing profile to edit.
    Enter a name and description for the profile. You can also select a default profile to use as a template.
  4. Configure policy rules within the Advanced IP Defense profile.
    Click Add Rule to create rules that match traffic based on IP attributes or direct-to-IP detection. For each rule, specify:
    • IP Match Field (source IP or destination IP)
    • Match criteria (IP attributes, categories, or NO_DNS for direct-to-IP detection)
    • Action (Allow, Alert, or Block)
    • Log severity level
    You can combine multiple criteria using AND, OR, or NOT operators to create complex rules.
  5. Configure exceptions and allowlists.
    Click the Exceptions tab to configure exceptions for known benign traffic. You can add:
    • IP-based exceptions
    • Port-based exceptions
    • IP-port pair exceptions
    • EDL-based exceptions
    Exceptions allow you to bypass Advanced IP Defense checks for specific traffic patterns.
  6. Click OK to save the Advanced IP Defense profile.
    The profile is now created and ready to be attached to security zones.
  7. Attach the Advanced IP Defense profile to security zones.
    Select Network > Zones and select the zone where you want to enforce Advanced IP Defense policies. In the zone configuration, attach the Advanced IP Defense profile you created.
  8. Commit your changes.
    Click Commit to apply the Advanced IP Defense configuration to your firewall.
  9. Monitor Advanced IP Defense activity.
    Select Monitor > Logs > Threat to view logs for traffic that matched Advanced IP Defense rules. You can filter logs by IP attributes, direct-to-IP detection, or specific rules to track blocked threats and validate policy effectiveness.
After enabling Advanced IP Defense, you can create additional profiles for different security zones or refine your existing rules based on traffic patterns and security requirements. Monitor the logs regularly to ensure your policies are effective and adjust rules as needed.
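When planning the rules from step 4 and the exceptions from step 5, it helps to dry-run them against sample flows before committing. The following is an added planning model, not firewall code or a PAN-OS API: it lists every rule whose AND/OR/NOT criteria match a flow and shows which flows an exception removes from inspection. Assumptions: the `EXAMPLE_*` attribute names, the rule names, the addresses, and the matching of exceptions against the destination side are all constructed for illustration; only `NO_DNS` comes from this page, and no rule ordering is assumed.

```python
import ipaddress

# Constructed sample policy. EXAMPLE_* attribute names and rule names are hypothetical;
# NO_DNS is the direct-to-IP criterion named on this page.
RULES = [
    {"name": "block-direct-hosting", "field": "destination", "action": "Block",
     "criteria": ("and", ("attr", "NO_DNS"), ("attr", "EXAMPLE_HOSTING"))},
    {"name": "alert-direct-to-ip", "field": "destination", "action": "Alert",
     "criteria": ("and", ("attr", "NO_DNS"), ("not", ("attr", "EXAMPLE_UPDATE_HOST")))},
]
EXCEPTIONS = [{"ip": "198.51.100.0/24", "port": 8443}]  # constructed IP-port pair

def matches(crit, attrs):
    """Evaluate a nested ("and"|"or"|"not"|"attr", ...) tuple against a set of attributes."""
    op, args = crit[0], crit[1:]
    if op == "attr":
        return args[0] in attrs
    if op == "and":
        return all(matches(c, attrs) for c in args)
    if op == "or":
        return any(matches(c, attrs) for c in args)
    if op == "not":
        return not matches(args[0], attrs)
    raise ValueError(f"unknown operator: {op!r}")

def is_excepted(flow, exceptions):
    """IP, port, or IP-port pair exceptions (destination side assumed); omitted key means 'any'."""
    dst = ipaddress.ip_address(flow["dst_ip"])
    for exc in exceptions:
        if "ip" not in exc and "port" not in exc:
            raise ValueError("empty exception would bypass all traffic")
        ip_ok = "ip" not in exc or dst in ipaddress.ip_network(exc["ip"])
        port_ok = "port" not in exc or flow["dst_port"] == exc["port"]
        if ip_ok and port_ok:
            return True
    return False

def dry_run(flow, rules=RULES, exceptions=EXCEPTIONS):
    """Return ("bypass", []) for excepted flows, else ("inspect", [(rule, action), ...])."""
    if is_excepted(flow, exceptions):
        return "bypass", []
    hits = [(r["name"], r["action"]) for r in rules
            if matches(r["criteria"], flow["attrs"].get(r["field"], set()))]
    return "inspect", hits

if __name__ == "__main__":
    flow = {"dst_ip": "203.0.113.10", "dst_port": 443,
            "attrs": {"destination": {"NO_DNS", "EXAMPLE_HOSTING"}}}
    print(dry_run(flow))
```

A flow that matches more than one rule, or that an exception removes from inspection entirely, is the case to review before attaching the profile to a zone.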