Firewall and PAN-OS Support of Device Security
Device Security support varies by firewall model and PAN-OS version.
Where Can I Use This? | What Do I Need? |
|
One of the following subscriptions:
Device Security subscription for an advanced
Device Security product (Enterprise,
OT, or Medical)
Device Security X subscription
|
For Palo Alto Networks next-generation firewalls,
Device Security provides
visibility of discovered IoT devices based on the logs it receives from the firewall.
Device Security also uses machine learning (ML) to identify vulnerabilities and
assess risk in devices based on their network traffic behaviors and dynamically
updated threat feeds. Firewalls automate policy enforcement through
Device-ID™.
Device-ID identifies
devices by attributes such as device type, vendor, model, or operating system, and
then applies device-based policy rules to those with matching attributes.
Device Security generates the Security policy rule recommendations.
All Palo Alto Networks next-generation firewalls fully support Device Security
with the following exceptions.
IoT device visibility and the manual application of policy recommendations
but not Device-ID
No Device Security support
When choosing firewalls to subscribe to
Device Security services,
consider the type of
Device Security functionality they support. Another
factor to consider is when various firewall models will reach the
end of sales and service support and
when you plan to update them to newer models. However, even if you
subscribe a firewall to
Device Security and then decide to retire it
while its
Device Security license still has time remaining, you can
transfer the license from
that firewall to another one where
Device Security will continue to operate
for the remainder of its subscription period.