Download and install PAN-OS software patches to apply fixes to bug or Common Vulnerability Exposure (CVE) without the need to schedule a prolonged maintenance window to install a new PAN-OS version from the Next-Generation Firewall or Panorama™ management server web interface. This allows you to strength your security posture immediately without introducing new known issues or changed to default behaviors that may come with installing a new PAN-OS version.

Tags allows you the ability to visually group your policy rulebase. PAN-OS 10.2.5 introduces the Tag Browser which allows you to manage your policy rulebase using the applied tags, and thereby simplifies policy rulebase management.

Firewalls and Panorama management servers now validate software upgrades before you install them. This allows more steps to be completed prior to the software installation, which speeds up software upgrades and increases confidence in the upgrade process. For example, prior to downloading the target release, the appliance displays any required software, including intermediate software versions and content dependencies, which you can download along with the target release in one step. You can also use an SCP server as a download source and view a history of software upgrades.