Focus

Cloud NGFW for Azure

What's New

Table of Contents

What's New

New features for Cloud NGFW for Azure.

Here’s what’s new in Cloud NGFW for Azure.

What's New in June 2024
What's New in May 2024
What's New in March 2024
What's New in February 2024
What's New in January 2024
What's New in December 2023
What's New in November 2023
What's New in October 2023
What's New in September 2023
What's New in August 2023
What's New in June 2023
What's New in May 2023

What's New in June 2024

New	Description
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: Japan West (Osaka) Sweden Central (Gavle) Italy North (Milan) South Africa North (Johannesburg) Israel Central West Central US (Wyoming) UAE North (Dubai) See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.

What's New in May 2024

New	Description
Use XFF Header Value to Enforce Security Policy	Your Cloud NGFW for Azure can now use an IP address in an X-Forwarded-For (XFF) header to enforce security policy created on Panorama.
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: Canada East See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.
Credit Consumption and Usage Visibility	You can now use credits for Cloud NGFW consumption for long-term contracts which you allocate for your firewall resources across Azure cloud environments at tenant level. For more information, see Credit Usage Visibility.

What's New in March 2024

New	Description
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: Norway East Germany West Central Central India Switzerland North See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.
Azure Networking Charges	Cloud NGFW for Azure bills virtual network peering charges under the Azure Networking charges dimension. The consumption details are shared to the Azure Marketplace. Usage is tracked for inbound (from Internet to VNET), outbound (to Internet from VNET) and east-west traffic (across VNETs). For more information on the charges, see Cloud NGFW for Azure Pricing.
Support for Inbound Decryption	Cloud NGFW for Azure uses SSL Inbound Decryption to inspect and decrypt inbound SSL/TLS traffic from a client to a targeted network server and block suspicious sessions. For more information, see Set Up Inbound Decryption on Cloud NGFW for Azure.

What's New in February 2024

New	Description
Multiple Log Destinations	You can now send logs from your Panorama-managed Cloud NGFW for Azure resource to Azure Log Analytics Workspace, Syslog Servers, and Panorama. See Multiple Log Destinations on Cloud NGFW for Azure more information.
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: France Central South Central US See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.

What's New in January 2024

New	Description
Support for 100Gbps	This release enables the Cloud NGFW for Azure to automatically scale up to 100Gbps for both vNET and vWAN deployments. See Deploy the Cloud NGFW in a vNET and Deploy the Cloud NGFW in a vWAN for more information.

What's New in December 2023

New	Description
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: North Central United States Southeast Asia See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.
Support for Private Source NAT	This release adds support for Private Source NAT. With this support, you can create a Private NAT gateway to perform network address translation (NAT). For more information, see Edit an Existing Firewall to Enable Private Source NAT.

What’s New in November 2023

New	Description
Additional Azure Region Support	Cloud NGFW for Azure is now available in the following Azure regions: Japan East Brazil South See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.
Rulestack enhancements	This release supports implicit rule deletions in a rulestack. With this enhancement: You can delete non-empty unassociated rulestacks without deleting any rules and objects. You can delete resource groups while retaining empty or non-empty unassociated rulestacks. You can delete non-empty unassociated rulestacks using the Azure CLI, CDK, PowerShell and Terraform. This deletion functionality applies to uncommitted and running non-empty rulestacks.
Support for DNS Security Service	Cloud NGFW for Azure adds support for the Palo Alto Networks DNS Security service. This service allows you to protect vNET and vWAN traffic from advanced DNS-based threats by monitoring and controlling the domains that your network resources query. For more information, see Enable DNS Security on Cloud NGFW for Azure.
Support for Non-RFC 1918	This release adds support for additional private IP ranges besides those addresses specified in RFC 1918 for vNET and vWAN deployments. With this support, you can use public IP address blocks (for example, 40.0.0.0/24) as your private network without routing the traffic to the internet. For more information about this feature in vNET deployments, see the information provided in the Networking Section (step 5) Additional Prefixes to Private Traffic Range.

What’s New in October 2023

New

Description

Additional Azure Region Support

Cloud NGFW for Azure is now available in the following Azure regions:

US West 2
North Europe

See Cloud NGFW for Azure Supported Regions and Zones for the complete list of supported regions.

Programmatic access

Programmatic access allows you to create and manage NGFWs and rulestacks using APIs. Using these APIs, you can invoke actions on Cloud NGFW resources through an application or third-party tool. The table below provides information about supported tools:

Terraform	Use the Azure Provider to configure infrastructure using Azure Resource Manager APIs.
PowerShell	Use Microsoft Azure PowerShell cmdlets to configure Cloud NGFW for Azure.
CLI	Use these commands to manage your Cloud NGFW for Azure resources.
SDK	SDK package for Python is supported.

What’s New in September 2023

New

Description

Integrate SSO login flow with your Support Portal account

Integrate your organization’s SSO login flow with your Palo Alto Networks Customer Support Portal account for your Cloud NGFW for Azure subscription. For more information, see Integrate Single Sign-on.

Support for public domain email addresses

This release adds support for public domain email addresses for Customer Support Portal accounts. Previously, users who managed Cloud NGFW assets and related support cases needed a corporate email address to log into the account. With this added functionality:

Public domain users access assets and support cases in accounts where they are members.
RBAC access controls are assignable and applied to users with public domain emails.
A user with a public domain email address in one account can't access assets and support cases in another account. Resolve this issue by adding the user with the public domain email address to the account they need to access.
A user with a public domain email address is assigned any role, including superuser and domain administrator.

An account can have one or more users with a public domain email address. If an account was created by a user with a public domain email address, the account is considered public.

An account can't have a mix of users with corporate and public email addresses.

The following public domain email addresses are supported:

gmail.com	yahoo.*	hotmail.*
live.*	outlook.com	aol.com
gms.* (gmx.de, gmx.net, gmx.us)	icloud.com	msn.com
comcast.net**	att.net

What’s New in August 2023

New	Description
General availability	Cloud NGFW for Azure has reached general availability. This release includes numerous fixes, support for additional regions, and enhancements to the pay-as-you-go (PAYG) subscription model.

What’s New in June 2023

New	Description
Health Monitoring	View the overall health status of the Cloud NGFW firewall, connection status, and diagnostic information. Use this information to determine the cause of an unhealthy firewall state. See Monitor Cloud NGFW Health for more information.

What’s New in May 2023

New	Description
Initial release of Cloud NGFW for Azure	The initial release of Cloud NGFW for Azure includes the following features: vNET and vWAN-based firewall deployments Single and multihub for vWAN. For more information, see Configure Palo Alto Networks Cloud NGFW in Virtual WAN. Use cases for inbound, outbound, and east-west traffic Policy management for rulestacks, prefix objects, FQDN objects and certificate objects Logging support Autoscale support Outbound decryption Content and antivirus upgrades Rolling upgrades for firewall resources Support provided by Customer Support Portal Support for built-in roles (LocalNGFirewall and LocalRuleStacksAdministrator)

New

Description

Initial release of Cloud NGFW for Azure

The initial release of Cloud NGFW for Azure includes the following features:

vNET and vWAN-based firewall deployments
Single and multihub for vWAN. For more information, see Configure Palo Alto Networks Cloud NGFW in Virtual WAN.
Use cases for inbound, outbound, and east-west traffic
Policy management for rulestacks, prefix objects, FQDN objects and certificate objects
Logging support
Autoscale support
Outbound decryption
Content and antivirus upgrades
Rolling upgrades for firewall resources
Support provided by Customer Support Portal
Support for built-in roles (LocalNGFirewall and LocalRuleStacksAdministrator)

View Audit Logs on Resource Groups

Cloud NGFW for Azure Known Issues