Firewall and PAN-OS Support of Device Security
Focus
Focus
Device Security

Firewall and PAN-OS Support of Device Security

Table of Contents

Firewall and PAN-OS Support of Device Security

Device Security support varies by firewall model and PAN-OS version.
Where Can I Use This?What Do I Need?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
  • Device Security X subscription
For Palo Alto Networks next-generation firewalls, Device Security provides visibility of discovered IoT devices based on the logs it receives from the firewall. Device Security also uses machine learning (ML) to identify vulnerabilities and assess risk in devices based on their network traffic behaviors and dynamically updated threat feeds. Firewalls automate policy enforcement through Device-ID™. Device-ID identifies devices by attributes such as device type, vendor, model, or operating system, and then applies device-based policy rules to those with matching attributes. Device Security generates the Security policy rule recommendations.
All Palo Alto Networks next-generation firewalls fully support Device Security with the following exceptions.
IoT device visibility and the manual application of policy recommendations but not Device-ID
  • Multi Virtual System (multi-vsys) firewalls
No Device Security support
  • CN-Series firewalls before PAN-OS 11.1
  • VM-50
  • VM-200
When choosing firewalls to subscribe to Device Security services, consider the type of Device Security functionality they support. Another factor to consider is when various firewall models will reach the end of sales and service support and when you plan to update them to newer models. However, even if you subscribe a firewall to Device Security and then decide to retire it while its Device Security license still has time remaining, you can transfer the license from that firewall to another one where Device Security will continue to operate for the remainder of its subscription period.