Device Security Features

Learn about new Device Security capabilities in PAN-OS 12.1.
The following section describes new Device Security features introduced in PAN-OS 12.1.

Advanced Device-ID

August 2025
  • Introduced in PAN-OS 12.1.2
Advanced Device-ID enhances the existing Device-ID by enabling more granular and precise device grouping capabilities for policy recommendations. With Advanced Device-ID, you can create complex Device-ID objects by defining matching criteria using multiple asset categories and attributes. The matching criteria can match specific asset types, operating systems, and device categories, or even exclude certain devices, based on risk and various other factors.
Using Advanced Device-ID, you can create more targeted security policy rules, improving your network's overall security posture. For example, you can define policy rules for all IoT assets and exclude a few predefined ones, or create rules for assets without a Device Security verdict. The feature also supports grouping multiple Device-ID objects together for use in security policy rules, helping to streamline policy management.
In healthcare, manufacturing, and industries with diverse asset ecosystems, Advanced Device-ID provides more precise control over asset access and security policy applications, helping you meet compliance requirements and reduce security risks. With a more nuanced approach to how security policy rules apply to a variety of assets, Advanced Device-ID enables you to better protect your network while maintaining operational efficiency.
Advanced Device-ID introduces three operational modes: legacy, hybrid, and advanced. These modes allow you to transition from the existing Device-ID implementation to the new advanced functionality. In hybrid mode, you can use both legacy and advanced Device-ID objects, providing backwards compatibility and ensuring your security policy rules remain active, while allowing you to explore the new capabilities. The advanced mode offers the full power of the new feature, with improved asset targeting features using asset attributes learned from Device Security.