(September 2025) Introduced in PAN-OS 11.1.11.

Device Security enables you to secure your connected device environments with both inbound and outbound policy recommendations. While PAN-OS and Panorama initially supported only outbound policy recommendations, the addition of inbound policy recommendations lets you create a more comprehensive security posture for your IT and IoT devices. Creating policy rule recommendations based on both outbound and inbound profile behaviors helps prevent vulnerability exploitation, lateral movement, and other security risks that outbound policies alone cannot address.

You can now view both inbound and outbound behaviors for device profiles in the UI and create security policies accordingly. For outbound behaviors, the source is the IT/IoT device profile, while the destination can be any. For inbound behaviors, you can now set the source as any, and the destination is the IT/IoT device profile. This symmetrical approach lets you control both what your IT/IoT devices can access, as well as what other enterprise sources can access your IT/IoT devices, implementing a true Zero Trust security model.

The policy recommendation workflow supports both per-device and per-profile levels, giving you flexibility in how you implement security policies. When creating policies, you can specify source and destination attributes including device profiles, IP addresses, and FQDNs. The naming convention for policies intelligently selects the appropriate profile name (whether in source or destination) to ensure clarity in your policy set. For policy rule recommendations based on inbound profile behaviors, the name has "-inbound" appended.

By leveraging both inbound and outbound policy recommendations, you can significantly reduce your attack surface by allowing only trusted behaviors for your IT/IoT devices. This is particularly valuable for securing critical infrastructure and sensitive device deployments where you need to control both inbound and outbound traffic.

For customers with Strata Logging Service, Device Security in Strata Cloud Manager introduces a Log Viewer on the Device Details page. The Log Viewer displays the 10 most recent logs for the device. You can filter the displayed log by time range and traffic direction. Access the Log Viewer under the Behaviors section of a Device Details page. From the Log Viewer on the Device Details page, you can also go to All Traffic Logs, which takes you to the Strata Cloud Manager Log Viewer.

(February 2026) The Device Security Device Search API now returns a site name, instead of a site ID, for a device search. Additionally, the API also returns the results sorted by the Last Activity attribute, in descending order.

(September 2025) You can find devices and multi-interface devices when querying for devices using the Device Security API. Use the Device Search API to find (multi-interface) devices in your assets inventory when searching by IP address or MAC address. This API can only be used with Device Security in Strata Cloud Manager, and it isn't supported by the legacy IoT Security portal.