For Palo Alto Networks next-generation firewalls, Device Security provides visibility of discovered IoT devices based on the logs it receives from the firewall. Device Security also uses machine learning (ML) to identify vulnerabilities and assess risk in devices based on their network traffic behaviors and dynamically updated threat feeds. Firewalls automate policy enforcement through Device-ID™. Device-ID identifies devices by attributes such as device type, vendor, model, or operating system, and then applies device-based policy rules to those with matching attributes. Device Security generates the Security policy rule recommendations.

All Palo Alto Networks next-generation firewalls fully support Device Security with the following exceptions.

When choosing firewalls to subscribe to Device Security services, consider the type of Device Security functionality they support. Another factor to consider is when various firewall models will reach the end of sales and service support and when you plan to update them to newer models. However, even if you subscribe a firewall to Device Security and then decide to retire it while its Device Security license still has time remaining, you can transfer the license from that firewall to another one where Device Security will continue to operate for the remainder of its subscription period.