Firewall and PAN-OS Support of IoT Security

IoT Security support varies by firewall model and PAN-OS version.
For Palo Alto Networks next-generation firewalls running PAN-OS 8.1, PAN-OS 9.0, or PAN-OS 9.1, the IoT Security solution provides visibility of discovered IoT devices based on the logs it receives from the firewall. IoT Security also uses machine learning (ML) to identify vulnerabilities and assess risk in devices based on their network traffic behaviors and dynamically updated threat feeds. Although these PAN-OS versions don’t support automated policy enforcement of IoT devices through the Device-ID™ framework, which is available from PAN-OS 10.0, you can still use the policy rule recommendations that IoT Security generates as a reference when manually adding rules to your firewalls. IoT Security always generates Security policy rule recommendations regardless of the PAN-OS version.
Firewalls running PAN-OS 10.0 or later automate policy enforcement through Device-ID. This is a mechanism that identifies devices by attributes such as device type, vendor, model, or operating system and then applies device-based policy rules to those with matching attributes.
All Palo Alto Networks next-generation firewalls running PAN-OS 10.0 or later fully support IoT Security with the following exceptions.
IoT device visibility and the manual application of policy recommendations but not Device-ID
  • PA-200 with PAN-OS 8.1
  • PA-500 with PAN-OS 8.1
  • PA-3020 with PAN-OS 8.1, PAN-OS 9.0, or PAN-OS 9.1
  • PA-3050 with PAN-OS 8.1, PAN-OS 9.0, or PAN-OS 9.1
  • PA-3060 with PAN-OS 8.1, PAN-OS 9.0, or PAN-OS 9.1
  • PA-5020 with PAN-OS 8.1
  • PA-5050 with PAN-OS 8.1
  • PA-5060 with PAN-OS 8.1
No IoT Security support
  • VM-50
  • VM-200
  • CN Series
  • Software Next-Generation Firewall Credits

Recommended For You