>
    Strata Copilot
    Features Introduced in October 2025
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN New Features
    4. Prisma SD-WAN Release Information
    5. Prisma SD-WAN Features Introduced in 2025
    6. Features Introduced in October 2025
    Download PDF
    Prisma SD-WAN

    Features Introduced in October 2025

    Table of Contents

    Features Introduced in October 2025

    Review the new Prisma SD-WAN features introduced in October 2025.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Prisma SD-WAN license
    Here's a preview of the new features introduced in Prisma SD-WAN in October 2025.

    Enhanced Branch Security

    Prisma SD-WAN is introducing CDSS (Cloud Delivered Security Services) Branch Security to extend on-box protection at the branch, complementing our SASE platform with capabilities such as intra-branch policy enforcement and local guest URL filtering.
    The branch security feature requires a subscription license and is supported starting with the release 6.5.3-I. Logging to SLS also requires a valid SLS license for your tenant/devices.
    Key Features:
    • Simplified Security Policy Enforcement: A Security Profile Group is a collection of security profiles (including Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, and DNS) that function as a single unit. This structure allows for the assignment of multiple profiles to a security policy rule in one step. Both Prisma Access and Prisma SD-WAN use these Security Profile Groups to maintain a consistent security posture across the network. By applying the same profile group, traffic from mobile users (cloud-connected) and branch offices (local-edge-connected) receives an identical set of threat prevention checks, which simplifies policy management.
    • Integrated Threat Coverage: The feature provides integrated Threat Prevention, DNS Security, and URL Filtering services for your branch networks.
    • Centralized Logging: Prisma SD-WAN now offers the option to log all traffic and security events directly to the Strata Logging Service (SLS), providing centralized visibility, scalable cloud-native storage, and enhanced forensic capabilities.

    Enhanced Device Port Panel Visualization

    The new device port panel is illustrated with clear visual design elements to improve the user experience. The new design clearly displays port and configuration status by using colors for ports for different statuses. The legend at the bottom of the illustration explains the design components. The port tool tip provides additional information on the port configurations.

    New Security Zone Binding Workflow in Interface Configuration

    An interface must be assigned to a security zone before it can process traffic. Now you can bind a device-level security zone to an interface from the Interface configuration page. You can bind, unbind, update, or verify security zones to an interface. Controller interfaces, LAN interfaces of L2 bypass pairs, and Parent interfaces of sub-interfaces and PPPoE interfaces cannot be bound to a security zone.

    © 2025 Palo Alto Networks, Inc. All rights reserved.