SD-WAN Features

What new SD-WAN features are in PAN-OS 12.1?
The following section describes new SD-WAN features introduced in PAN-OS 12.1.

NGFW with Prisma SD-WAN Data Center Integration

August 2025
  • Introduced in SD-WAN 3.4.0 with PAN-OS 12.1.2.
  • Prisma SD-WAN devices running 6.5.2 with PAN-OS 12.1.2 or later.
You can now integrate Palo Alto Networks next-generation firewalls with Prisma® SD-WAN at the data centers. This integration enables Prisma SD-WAN devices at branch locations to connect to a unified data center platform. It addresses challenges with traditional networks that rely on separate appliances for security and SD-WAN, an approach that often leads to complexity, inconsistent policies, and limited adaptability to cloud demands, ultimately impacting user experience and productivity.
With SD-WAN capabilities, data centers establish secure tunnels with branch Prisma SD-WAN devices, enabling traffic steering based on SD-WAN policy rules while delivering advanced security features.
This integrated data center solution provides the following benefits:
  • Delivers advanced security and SD-WAN capabilities in a single streamlined offering.
  • Combines the strengths of Prisma SD-WAN's advanced networking capabilities and PAN-OS's robust security features, delivering a comprehensive and secure SD-WAN solution.
  • Ensures uninterrupted connectivity between branch locations and data centers. Traffic is intelligently routed across the WAN, optimizing performance based on application requirements, network conditions, and Security policy rules.
  • Simplifies operations and enhances overall efficiency through a unified platform, Strata Cloud Manager.
Overall, this integration addresses the challenges of network complexity, security integration, performance optimization, and operational efficiency that many enterprises face as they evolve their WANs.
You need the following licenses to integrate a Palo Alto Networks NGFW with Prisma SD-WAN at the data center:
  • Advanced SD-WAN license for the next-generation firewalls
  • Prisma SD-WAN branch subscriptions for the Prisma SD-WAN devices
This feature is supported on the PA-5440 firewall.

Simplified HA Device Configuration in SD-WAN

August 2025
  • Introduced in SD-WAN 3.4.0 with PAN-OS 12.1.2.
When adding a device in high availability (HA) to SD-WAN Devices, you now have the option to add its HA peer simultaneously. This feature streamlines configuration by enabling you to configure both devices from a single configuration page, ensuring configuration consistency between the active and passive devices. When selected, the system identifies the HA peer and displays the device name, prompting you to specify a site name for the peer. Both devices are then created with matching configurations, which is critical since SD-WAN configurations between HA pairs should be identical except for site names.
Prior to this enhancement, you needed to add each device in an HA pair separately to SD-WAN Devices, which could lead to configuration mismatches. The system would display warnings when such mismatches were detected, but the manual correction process was error-prone.
With this feature, any configuration changes made to one device automatically propagate to its peer, maintaining synchronization between the devices. This feature is useful when adding devices to VPN clusters, as SD-WAN requires both HA peers to have matching configurations for proper functioning during failover events.
If you attempt to configure HA devices separately, the SD-WAN plugin will prevent this operation and guide you to add HA pairs instead. This safeguard, along with visual indicators that alert you to any configuration mismatches between HA pairs, helps maintain the integrity of your SD-WAN deployment and ensures proper failover functionality in your high availability environment.