PAN-OS

PAN‑OS® is the software that runs all Palo Alto Networks® next-generation firewalls. By leveraging the key technologies that are built into PAN‑OS natively—App‑ID, Content‑ID, Device-ID, and User‑ID—you can have complete visibility and control of the applications in use across all users and devices in all locations all the time. And, because inline ML and the application and threat signatures automatically reprogram your firewall with the latest intelligence, you can be assured that all traffic you allow is free of known and unknown threats.

Spotlight

Get Started with Nebula PAN-OS 10.2!

With PAN-OS 10.2, Palo Alto Networks introduces new and enhanced cloud-delivered security services. In concert with our ML-Powered Next-Generation firewalls, these services maximize ROI and extend best-in-class security without requiring independent infrastructures.

Get Started

Check out the New Upgrade Guide

Thinking about upgrading your next-gen firewalls and Panorama to PAN-OS 10.2? Before you begin, make sure you review the steps and any upgrade and downgrade considerations that might impact your upgrade.

Advanced Threat Prevention: Inline Cloud Analysis

Check out the New Networking Administrator's Guide

The PAN-OS Networking Administrator’s Guide provides information about your network interfaces, support for multiple virtual routers, static routes, dynamic routing protocols, and other major features that support networking on the firewall.

Simplified IoT Security Onboarding

Use a simplified workflow to add a Log Forwarding profile to the Security policy rules on your firewall.

Learn How

PAN-OS 8.1* & 9.0 are EoL

*We will provide critical fixes (for PAN-OS 8.1 only) on PA-200, PA-500, and M-100 appliances until 10/31/23 and on PA-5000 Series firewalls until 1/31/24.

Read Now

Getting Started

Documentation

Use the PAN-OS documentation to help you get the most out of your next-generation firewalls. Whether you are just getting started and you need to learn how to integrate your firewall into the network, or you are setting up advanced features to prevent credential theft and thwart an attacker’s ability to use stolen credentials to move laterally through your network, you will find the help you need in the PAN-OS documentation.

PAN-OS® New Features Guide

PAN-OS 10.2 makes it easier to prevent today's modern threats across all vectors throughout your entire infrastructure with the scale, speed, and agility of the cloud.

PAN-OS® Administrator’s Guide

The topics in this site provide detailed concepts and steps to help you deploy a new Palo Alto Networks next-generation firewall, including how to integrate the firewall into your network, register the firewall, activate licenses and subscriptions, and configure policy and threat prevention features. After you perform the basic configuration steps, you can use the rest of the topics in this guide to help you deploy the comprehensive security operating platform features as necessary to address your network security needs and prevent successful cyberattacks.

PAN-OS® Release Notes

Thinking about upgrading PAN-OS? First, review the release notes for known issues, addressed issues, and changes in behavior that may impact you.

PAN-OS Web Interface Reference

Not sure what to put in a field in the PAN-OS Web Interface? Use this guide to learn about each field, when to use it, and why to choose one option over another.

PAN-OS CLI Quick Start

Get up and running with the command-line interface and use the CLI cheat sheets for quick reference to the most useful commands.

PAN-OS® and Panorama™ API Guide

Harness the PAN-OS and Panorama XML API to power your integration and automation needs.

Terminal Server (TS) Agent Release Notes

Thinking about upgrading your TS agents? First, review the release notes for known issues, addressed issues, and changes in behavior that may impact you.

User-ID™ Agent Release Notes

Thinking about upgrading your User-ID agents? First, review the release notes for known issues, addressed issues, and changes in behavior that may impact you.

PAN-OS OpenConfig Administrator’s Guide

DoS and Zone Protection Best Practices

Protect against DoS attacks that try to take down your network and critical devices using a layered approach that defends your network perimeter, zones, and individual devices.

Data Center Best Practice Security Policy

Your enterprise's most valuable assets reside in your data center, including proprietary source code, intellectual property, and sensitive company and customer data. Your customers and employees trust you to maintain the confidentiality and integrity of their data and expect that data to be always available, so it's important to implement a data center best practice security policy that safeguards your data and prevents successful attacks. Use the guidelines in this site to plan, deploy, and maintain your data center best practice security policy.

Best Practices for Migrating to Application-Based Policy

Use Expedition and Policy Optimizer to automate and reduce the time and effort required to migrate from a legacy port-based Security policy to an application-based Security policy.

Decryption Best Practices

You can't defend against threats you can’t see. By enabling decryption on your next-gen firewalls you can inspect and control SSL/TLS and SSH traffic so that you can detect and prevent threats that would otherwise remain hidden in encrypted traffic. Use the best practice guidelines in this site to learn how to plan for and deploy decryption in your organization.

Best Practices Getting Started

Apply security best practices to reduce the attack surface, gain visibility into traffic, prevent threats, and protect your network, users, and data.

Getting Started with the BPA

Evaluate your Security policy, identify areas to improve, prioritize changes, and then transition safely to a best practice Security policy.

Internet Gateway Best Practice Security Policy

To protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy.

Panorama SD-WAN Plugin Help

PAN-OS Device Telemetry Metrics Reference

PAN-OS can collect data about the health and configuration of your next-generation firewalls, as well as metrics related to threat prevention. This document identifies and describes all of the metric categories, as well as the individual metrics, that PAN-OS can collect.

Read Now

PAN-OS Upgrade Guide

PAN-OS® Networking Administrator’s Guide

Administrative Access Best Practices

Firewalls and Panorama centralized management servers are the gatekeepers and protectors of your network. To prevent attackers from gaining access to these devices and reconfiguring them to permit malicious access to your network, follow these best practices to secure administrative access.

Best Practices

Best Practices for Securing Administrative Access

Best Practices for Applications and Threats Content Updates

Apps & Threats BP

URL Filtering Best Practices

IoT Security Best Practices

Secure IoT

Videos

Dynamic User Groups

Best Practice Assessment Plus (BPA+) Tool Demo

View the BPA+ demo, which shows you how to check your PAN-OS best practice configuration and update it if necessary.

Policy Optimizer

SD-WAN Demo

BPA+ YouTube Channel

Click "View BPA+ Playlist" to access all of the BPA+ videos, including best practice network security checks and a demo.

View BPA+ Playlist

Related Documents

IoT Security Administrator’s Guide

Learn how to get visibility, prevention, risk assessment, and enforcement for your IoT and OT devices in combination with our ML-Powered NGFW.

Read Now

Best Practices

At Palo Alto Networks, it’s our mission to develop products and services that help you, our customer, detect and prevent successful cyberattacks. We’ve developed our best practice documentation to help you do just that. Whether you’re looking for the best way to secure administrative access to your next-gen firewalls and Panorama, create best practice security policy to safely enable application access at the internet gateway and the data center, or learn the best way roll out a decryption policy to prevent threats from sneaking into your network, you will find the guidance you need here in our best practice documentation. And, our best practice library keeps growing and evolving to keep up with the ever-changing threat landscape, so be sure to check back often!

See All Best Practices Now

Translated PAN-OS Documentation

View All Translated Documents

Firewalls & Appliances

Palo Alto Networks® next-generation firewalls detect known and unknown threats, including in encrypted traffic, using intelligence generated across many thousands of customer deployments. That means they reduce risks and prevent a broad range of attacks. For example, they enable users to access data and applications based on business requirements as well as stop credential theft and an attacker’s ability to use stolen credentials.

View All Firewalls & Appliances Now

Download Enterprise SNMP MIB Files

Get MIBs

Custom Application IDs and Threat Signatures

Learn how to create custom application and threat signatures for network traffic that you want to detect, monitor, and control.

Learn More

Enterprise DLP

Review DLP

Panorama

Panorama™ provides centralized management capabilities that empower you with easy-to-implement, consolidated monitoring of your managed firewalls, Log Collectors, and WildFire appliances. With Panorama, you can centrally manage all aspects of the firewall configuration, shared policies, and generate reports on traffic patterns or security incidents — all from a single console.

Manage at Scale

Cortex Data Lake

Start Logging