Features Introduced in March 2025

Here's a preview of the new features introduced in Prisma SD-WAN in March 2025.
Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Prisma SD-WAN license

Support for Layer 3 Loopback Interfaces

The Layer 3 Loopback Interface is a new feature for ION devices that provides a virtual interface that is always reachable for management and troubleshooting operations. With this feature, you can configure an IP address that is not tied to a physical interface and enable services like SSH and Syslog without relying on physical LAN or WAN interfaces, which may be subject to customer infrastructure changes or security considerations.
The primary use cases for L3 Loopback include management traffic segregation, SD-WAN tunnel establishment over non-routable MPLS WAN interfaces, and BGP routing protocol support.
Minimum device software version required is 6.5.2.

SASE Health Dashboard

The SASE Health Dashboard displays detailed site and data center status and connectivity. It enables you to monitor the status and connectivity of your remote sites and data centers. The dashboard provides a map view showing the locations and status of sites and Prisma Access locations, as well as detailed metrics on on-site connectivity, experience scores across networks, and application availability. You can use the SASE Health dashboard to identify any issues with remote site connectivity or performance. The map view gives you an overview of your network topology, while the detailed metrics and trend charts allow you to drill down into specific sites or regions. This dashboard is available to SASE (Prisma Access and Prisma SD-WAN) deployments only.

Enhanced Return Merchandise Authorization (RMA) Process

The Return Merchandise Authorization (RMA) process allows users to replace failed or malfunctioning ION devices with new or reused, functional ION devices at a branch or a data center site. A device can fail or malfunction for several reasons, such as chip failure, misconfiguration, or daily wear and tear. If the device is unusable due to a malfunction or overall failure, the RMA process can be used to replace it.
When replacing an ION device, you can opt for a like-like (same model) or a like-unlike (different model) replacement. This flexibility allows you to select a replacement device that best suits your needs. Remember that multiple replacement devices might be available, so choose the one with the device status online.
With this enhancement, we can now replace old model devices (ION 1000, ION 2000, ION 3000, ION 7000, and ION 9000) with new model devices (ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200).

Enhanced DNS Probing over Standard VPN

The Enable DNS Liveliness in Tunnel feature improves HTTP probe reliability in ION devices by performing DNS lookups directly over the Service Link tunnel instead of relying on WAN interface DNS servers. Previously, ION devices sent DNS requests to all interfaces and used the first response received, which could lead to incorrect probe targeting or failures due to misconfigured or unreachable DNS servers. With this enhancement, DNS resolution occurs over the service tunnel, ensuring more accurate and reliable HTTP probes while eliminating dependency on WAN interface DNS servers.

Enhanced Interface Configuration View

The Prisma SD-WAN web interface is modified to improve the user experience of interface configuration and the usability of interface configurations between old and new platforms. The new user interface introduces a redesigned interface configuration page that uses the full screen width and height, implements a tabbed layout for subinterface and PPPoE configurations, and includes various user interface improvements, such as side panels for IP configuration and NAT pools. These changes are designed to enhance usability and provide a more consistent experience across platforms.

Enhanced Support for Prisma SD-WAN Features for FedRAMP Moderate Environment

Prisma SD-WAN now supports the following features in a FedRAMP Moderate environment:
  • Strata Cloud Manager User Interface
  • BGPv6 of IPv4 - Core Peering
  • Virtual Routing and Forwarding
  • L2 Switching for ION 3200
  • Used-for-HA Capability on Layer 3 Interfaces
  • IPv6 BGP Support

Device-ID Enforcement

Branch security is essential, and implementing Device-ID-based policies plays a key role in strengthening our defenses. By integrating these policies with App-ID and User-ID, we create a comprehensive security framework that effectively protects against threats. Earlier, with the PA/SASE license, Prisma SD-WAN customers could get enhanced visibility into OT, IoT, and endpoint devices at their branches. Now, these device IDs can be seamlessly incorporated into security policies, enabling enforcement based on specific device IDs. This advancement delivers unparalleled security and granular control over path selection.
To use Device-ID support, contact Palo Alto Networks Support.