>
    Feature History for AIOps for NGFW
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Feature History for AIOps for NGFW
    Download PDF
    Next-Generation Firewall

    Feature History for AIOps for NGFW

    Table of Contents

    Feature History for
    AIOps for NGFW

    See what’s changed in
    AIOps for NGFW
    .
    Review past features introduced in
    AIOps for NGFW
    .
    Feature
    Changes
    On-Demand Software Upgrade Plan
    Premium only
    March 2023
    By uploading a Tech Support File (TSF) in AIOps for NGFW, you can now generate a software upgrade plan for devices that have the PAN-OS version 9.1 or later. This plan suggests the optimal software version that can be installed on your devices and offers details about new features, modifications to behavior, vulnerabilities, and software issues associated with each suggested software version.
    Panorama CloudConnector Plugin
    Panorama CloudConnector (Formerly, AIOps Plugin for Panorama) now enables you to use the Panorama AWS Plugin 5.0.0 to author and push device group based policies to Cloud NGFW for AWS resources.
    Supported Panorama Versions
    1. Panorama Versions 10.2.x (10.2.3 and later) and 11.0.0
      You can download this version of the CloudConnector Plugin on Panorama versions 10.2.3 or later from the Customer Support Portal or directly from
      Panorama
      Plugins
      .
    2. Panorama Versions 11.0.1 and above
      To help customers, we have pre-installed this plugin with the newer Panorama versions.
    Enterprise License Agreement for AIOps for NGFW
    February 2023
    Now that AIOps for NGFW is compatible with tenant service groups (TSGs), you can use Common Services to activate an Enterprise License Agreement add-on of AIOps for NGFW.
    Tenant Service Group (TSG) Support for AIOps for NGFW
    February 2023
    You can now use the tenant view to access AIOps for NGFW with Tenant Service Groups (TSGs). This view enables you to activate licenses and manage subscriptions, tenants, identity, and access using Common Services.
    The existing AIOps for NGFW app instances will be migrated from the support account view to the tenant view. You can find these AIOps for NGFW instances by toggling
    View by Support Account
     off.
    In the tenant view, apps and services are organized by the tenant instead of by support account.
    Regional Support for Hosting AIOps for NGFW
    January 2023
    You can now host your instance of AIOps for NGFW in the following regions:
    • Singapore
    • Australia
    • India
    • Japan
    • Canada
    • Italy - Europe
    • Spain - Europe
    • Switzerland - Europe
    In this way, your telemetry and firewall log data is processed by a local AIOps for NGFW instance without the data ever leaving your geographic region. To host AIOps for NGFW in new regions for new customers, select the desired region during the Free or Premium activation process. If you are an existing customer with an AIOps for NGFW instance, it will continue to operate from its original location.
    United Kingdom and Netherlands Regional Support
    December 2022
    For compliance with data privacy regulations, you can now host your instance of AIOps for NGFW in the United Kingdom and Netherlands if you have a
    Strata Logging Service
     instance in these regions. That way, your telemetry and firewall log data is processed by a local AIOps for NGFW instance without the data ever leaving your geographic region. To host AIOps for NGFW in the United Kingdom or Netherlands, select it as your Region during Free or Premium activation.
    Enhancements to Software Upgrade Planner
    Premium only
    December 2022
    You can now generate an upgrade plan for the CVE impacted devices from Security Advisory Summary.
    The upgrade plan includes:
    • Best software version for your devices that you can upgrade to fix the selected vulnerabilities.
    • Information about new features, changes to behavior, vulnerabilities and software issues in each recommended software version.
    Strata Logging Service
     (CDL) Service Alerts
    December 2022
    You can now view service alerts about your CDL instance within
    AIOps for NGFW
    . These alerts enable you to stay aware of the latest service availability, log storage, and connection issues affecting your CDL instance, providing you with the context and recommendations necessary to take the appropriate actions against them.
    AIOps for NGFW
     now raises the below service alerts:
    • Firewall Disconnected from CDL
    • Log Ingestion Offline
    • Log Forwarding Offline
    • Log Ingestion Latency
    • Log Forwarding Latency
    • Log Storage Approaching Limits
    Dynamic Threshold for Anomaly Detection
    Premium only
    November 2022
    AIOps for NGFW
     uses machine learning to understand your deployment and generates alerts that dynamically adjust based on the metric’s historical value and your usage trends. This feature dramatically reduces the occasions where you might perceive an Alert as a false positive.
    New Security Alerts Remediations
    November 2022
    New CLI remediations have been added to an additional 18 security alerts. You can now view these CLI commands under alert recommendations, helping you to remediate the issues triggering an alert. Additionally, CLI commands are now grouped so that you can copy all relevant commands for a configuration object at the same time and run them on your devices.
    Derived Rate Metrics for NAT, ZPP, and Application Statistics
    November 2022
    To help you better understand the metrics and correlate them in charts, metrics for NAT, Zone Protection Profile (ZPP), and Application Statistics are converted to rate metrics. The following metrics are new and enhanced:
    • NAT Failure Rate
       metric indicates an issue with session setup for source NAT allocation.
    • DIPP NAT Failure Rate
       metric indicates the failure frequency for a NAT policy to translate IP addresses with different port numbers.
    • Incoming packet rate
       metric is enhanced to display packets per second. This metric indicates the depletion of internal server resources or system connections due to incoming packets.
    • Application Statistics
       for Top App Summary is enhanced to display the rates at which bytes, packets, and sessions are consumed in the top applications for each device. The rate metrics for Application Statistics are displayed after they have been accumulated for a week.
    On-Demand BPA Report
    October 2022
    You can now run the Best Practice Assessment (BPA) for devices with the PAN-OS version 9.1 and later by uploading a Tech Support File (TSF) in
    AIOps for NGFW
    . You can generate the on-demand BPA report for devices that are not sending telemetry data or onboarded to AIOps for NGFW. BPA measures your security posture against Palo Alto Networks’ best practice guidance. Importantly, the BPA includes checks for the Center for Internet Security’s Critical Security Controls (CSC).
    Policy Analyzer
    Premium only
    October 2022
    Policy Analyzer makes the everyday time consuming tasks simple, precise, and error free. Before adding a new rule to meet a firewall change request, you can now verify if the rule needs to be added at all, if existing rules can be modified to meet the request, and much more. You can also assess the existing rulebase to identify any shadows, redundancies, and other anomalies that might exist.
    Analyze your Security policy rules both before and after you commit your changes.
    • Pre-Change Policy Analysis
      —Enables you to evaluate the impact of a new rule so you can compare that to your intent for that rule and ensure that it does not duplicate or conflict with existing rules before you commit to avoid policy rule inflation bloat. You can also run a Security Policy Anomaly Analysis to check for shadows, redundancies, generalizations, correlations and consolidations.
    • Post-Change Policy Analysis
      —Enables you to clean the existing rulebase by identifying shadows, redundancies, and other anomalies that have accumulated over time.
    • Policy Analyzer requires the CloudConnect Plugin 2.0 (Formerly, AIOps Plugin 1.1.0) or later on your Panorama appliance.
    • Policy Analyzer requires Panorama 10.2.3 or a later version.
    New Security Checks
    September 2022
    New
    Security Checks
     are available to help you make sure you’re adhering to best practices for an even wider array of security features.
    • API Key Lifetime
    • Authentication Profile
    • Authentication Settings
    • Captive Portal Mode
    • Certificate Expiration Check
    • DoS Rule Protection
    • Forwarding Decryption Certificate
    • GRE Tunnel Keep-Alive
    • Internal Zones Pass Through Captive Portal
    • Local Admins
    • Monitoring Enabled
    • Monitoring IP Address
    • PAN-OS Release Date
    • Passive DNS Monitoring
    • Radius Authentication Profile
    • Secure Client Communication
    • Secure Server Communication
    • SSH Proxy
    • SSH Proxy / SSH Tunnel
    • Strip X-Forwarded-For Header
    • Tacacs+ Authentication Profile
    • Telemetry Data
    • Tunnel Inspection Security Options
    • URL Filtering Profile Inline ML Model Action
    • URL Settings
    • User ID Rules without User ID enabled on Zone
    • WildFire Content Update
    Security Advisory Summary
    September 2022
    To help you decide which devices you need to upgrade to protect from vulnerabilities, you can now view the impacted devices for each CVE in Security Advisory Summary. You can filter CVEs by using these details, such as Host Name and Model, and sort them further by
    Devices Impacted
     or
    Severity
     of the CVE.
    Security Subscriptions
    August 2022
    To help you identify security gaps and harden the security posture of your enterprise,
    AIOps for NGFW
     now provides a comprehensive view into your available security subscriptions and their license usage in your devices. You can view these security subscriptions in graphical and tabular formats.
    Software Upgrade Planner
    Premium only
    August 2022
    To help you with planning upgrades for devices,
    AIOps for NGFW
     now analyzes your devices to create a detailed report recommending software upgrade options.
    You can select an upgrade option to view further details about
    New Features
    ,
    PAN-OS Known Vulnerabilities
    , and
    PAN-OS Known Issues
    .
    The Software Upgrade Planner feature is available on the AIOps for NGFW Premium instances. We are rolling out this feature to the customers of the AIOps for NGFW Premium over the course of several weeks.
    IPSec VPN Tunnel Down Health Alert
    Premium only
    August 2022
    To help you with detailed visibility for your IPSec VPN tunnel deployments,
    AIOps for NGFW
     now raises the
    Tunnel Down
     alert when a tunnel status is down.
    You can click this alert to view more details, which include events and runtime tunnel status.
    You can click an event to view Metric Details along with a chart displaying the tunnel status metric.
    Certificate Expiration Alerts
    Premium only
    August 2022
    AIOps for NGFW
     now raises an alert when a certificate for a firewall or Panorama appliance feature is going to expire. This alert enables you to proactively respond before a feature ceases to function and avoid potential business disruption.
    This feature currently supports these certificates for firewalls:
    • Device Certificate
    • Logging Service Certificate
    • Revoking External Certificate
    • SSL Decryption
    • SCEP Configuration
    • GlobalProtect VPN
    • UserID Agent
    • IPSec VPN (site-to-site)
    • Captive Portal
    • Web UI Access to Admin Users
    • "Palo Alto Networks Inter-device communications Firewalls, Panorama, Log collectors, Wildfire"
    • External Dynamic Lists
    • Email Server Profile
    • Multi Factor Authentication (MFA)
    • HTTP Server Profile
    • Radius Server profile
    • SAML Identity Provider
    And these certificates for Panorama appliances:
    • Device Certificate
    • Logging Service Certificate
    • Revoking External Certificate
    • SCEP Configuration
    • UserID Agent
    • Web UI Access to Admin Users
    • "Palo Alto Networks Inter-device communications Firewalls, Panorama, Log collectors, Wildfire"
    • Email Server Profile
    • HTTP Server Profile
    • Radius Server profile
    • SAML Identity Provider
    • Authentication Profile
    • Certificate Profile
    Germany Regional Support
    August 2022
    For compliance with data privacy regulations, you can now host your instance of
    AIOps for NGFW
     in Germany if you have a
    Strata Logging Service
     instance in Germany. That way, your telemetry and firewall log data is processed by a local
    AIOps for NGFW
     instance without the data ever leaving your geographic region.
    To host
    AIOps for NGFW
     in Germany, select it as your Region during Free or Premium activation.
    Feature-Based Vulnerability Detection
    August 2022
    To help better inform your decision about whether to upgrade a firewall, you can now view the affected feature mapped to a vulnerability. The
    Feature Affected
     column under Vulnerabilities in this PAN-OS version includes information about the affected feature for a vulnerability. If a CVE is not associated with a feature, then the value under
    Feature Affected
     is blank.
    Security Alerts for Panorama
    August 2022
    To tell you when an issue affects a group of Panorama-managed firewalls,
    AIOps for NGFW
     now raises alerts against entire device groups and template stacks. This helps you quickly understand if an alert applies to several firewalls and whether to take remediation steps at the Panorama level.
    Alert tables now feature a new
    Location
     column that identifies the device group or template stack and an
    IP address
     column. You can also group your firewalls by
    Location
    .
    In the details of an alert, you can now view the device group or template stack associated with the alert.
    As part of this update, all existing alerts will be cleared and new alerts will be raised in their place. Some alerts will also have new names.
    Activity Report Highlights
    July 2022
    From the Summary dashboard, you can now get a quick view of your network activity as found in Activity. See information about your total user count, applications, traffic, and blocked threats all in one place, and select any one type of network activity to view logs and learn more about it.
    Export Metadata for Troubleshooting
    July 2022
    To help technical support assist you more quickly, you can now export the firewall and Panorama appliance data that AIOps collects to a compressed JSON file. This file also contains your Customer Support Portal ID, Cortex Data Lake tenant ID, and
    AIOps for NGFW
     instance ID to help support personnel know where to investigate.
    HA Device Details
    June 2022
    To help you better monitor your devices, the
    Device Details
     page has been updated to display more detailed topographies, telemetry information, high availability (HA) links, and the connection status between HA pairs. This gives you more visibility into which devices are in HA pairs and how they are operating.
    Device Connections and Service Connections
    June 2022
    The
    Device Details
     Overview graph has been divided into two sections,
    Device Connections
     and
    Service Connections
    , to make it easier to monitor the connections between your devices and ensure that they are secure and up-to-date.
    Device Connections
     shows you the relationships between the device and others in your deployment, such as its managing Panorama or HA peer.
    Service Connections
     displays the
    Logging
     or
    Security services
     to which the device is connected.
    Additional Security Checks
    June 2022
    New
    Security Checks
     are available to help you make sure you’re adhering to best practices for an even wider array of security features.
    See
    Settings > Security Checks
     or the Alert Reference for a complete list.
    CloudConnector Plugin (Formerly, AIOps Plugin) for Panorama
    &
    Proactive Security Check Enforcement (Premium Feature)
    June 2022
    If you use Panorama to manage firewalls, you can now install a plugin that helps you proactively prevent suboptimal configurations from entering your deployment. The plugin enables you to identify particular Security Checks in
    AIOps for NGFW
     that will cause Panorama to prevent commits of any configuration that do not pass those checks.
    This feature is available only in
    AIOps for NGFW
     Premium.
    Configurable Severity Level for Best Practices
    June 2022
    You can now set the
    Severity
     for best practice checks to reflect how important they are for your particular deployment and help you focus on the checks that are most critical to you.
    Vulnerabilities Based on Enabled Features
    May 2022
    To help better inform your decision about whether to upgrade a firewall, you can now view the known vulnerabilities that apply to the firewall based on its enabled features, in addition to the vulnerabilities in the PAN-OS version generally. Each entry includes information related to the vulnerability, such as its CVE identifier and the PAN-OS version in which it was fixed.
    To view the vulnerabilities impacting a specific firewall according to its enabled features, you must enable Product Usage telemetry on the firewall.
    New High Availability Health Alerts
    May 2022
    To continue better helping you oversee your high availability deployments,
    AIOps for NGFW
     now raises the following alerts:
    • HA Peer has failed
       — One of the firewalls in the HA pair is in a non-healthy state.
    • Out of Sync peers - Sessions (Configuration)
       — Sessions are not matching or up to date between the high-availability peers.
    • HA Backup (configuration)
       — The configurations on the HA peers are out of sync.
    Enhanced Feature Adoption and Best Practice Configuration Visibility
    May 2022
    You can now filter the
    Feature Adoption
     and
    Feature Configuration
     charts based on device group to learn how well a specific set of firewalls are utilizing security features and passing Palo Alto Networks best practice checks.
    Drill down into a feature to view the specific policy rules that are not using the feature or do not have it configured according to best practices.
    Active and Historical Events
    May 2022
    To help you focus your investigation, you can now choose whether to display an alert’s
    Active
     contributing events or a
    History
     of them. Active events show you the current issues that are keeping the alert open, and the historical events show you the changes in the alert over a configurable period of time.
    Updated Navigation Menu
    May 2022
    The navigation menu now has a new look. The menu items are in the same place, but we’ve made it sleeker and easier to use. Explore in the app now!
    May 2022
    • AIOps for NGFW
       - Premium becomes available for purchase
      . Activate your premium subscription to continue to benefit from all of the alerting and detection capabilities that the application has to offer. You can continue to leverage premium features for free until May 31st, at which point all instances without a Premium license will revert to Free.
    • Device Details pages now include
      a table of the top 10 applications detected in order of usage
       to help you identify when application bytes, session, or packet usage reach potentially harmful levels.
    • High-availability (HA) health alerts
       keep you aware when issues arise with your HA firewall deployment.
    • Network address translation (NAT) resource usage alerts
       help you monitor the computing resources utilized by your NAT policies and how well NAT processes are functioning in your network globally.
    April, 2022
    • To help you take steps to prevent flood attacks,
      AIOps for NGFW
       now generates two new
      Zone Protection profile
       alerts:
      Threshold Recommendation
       and
      Flood Detection
      .
      Threshold Recommendation
       alerts you when a Zone Protection profile is not configured for one of your network zones or when a profile is configured but its flood protection thresholds are out of date due to a change in infrastructure. The alert presents the current and recommended threshold values so that you can make the necessary adjustments to reinforce your protections.
      Flood Detection
       alerts you when traffic patterns suggest a flood attack so you can take immediate action and refine zone protections to prevent future occurrences.
    • Zone Protection profile
       alerts now include charts of the contributing events that triggered the alert. These charts show the connections per second (CPS) for a protocol in a given network zone and how they compare to thresholds that AIOps dynamically calculates for your environment. Examine these charts to help you pinpoint where and how a flood attack may be occurring in your network.
    March, 2022
    • AIOps for NGFW
       is now available to all! If you haven’t already, onboard your devices and activate your instance to take your security operations to the next level with continuous deployment health and security assessment, advanced alerting capabilities, predictive analytics, and more.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.