IoT Security Features
Focus
Focus

IoT Security Features

Table of Contents
End-of-Life (EoL)

IoT Security Features

Learn about new IoT Security capabilities in PAN-OS® 11.0.
New IoT Security Feature
Description
IoT Security for Isolated Network Segments
(PAN-OS 11.0.2 and later 11.0 releases)
You can deploy one or more Palo Alto Networks next-generation firewalls as hardened security telemetry gateways to logically connect firewalls in isolated network segments with Palo Alto Networks cloud-delivered security solutions. The security telemetry gateways block any attempted inbound internet connections to the isolated firewalls using either a single gateway or multiple gateways in a chain depending on your needs and the design of your network architecture.
IoT Security Policy Rule Recommendation Enhancements
New PAN-OS® and IoT Security configuration workflows make it easier to scale and manage policy rule recommendations. The names of recommended policy rules are now automatically generated. IoT Security automatically pushes activated policy rule sets to Panorama and next-generation firewalls. Panorama lets you import multiple rules at a time into multiple device groups, and firewalls let you import multiple rules at a time into your policy rulebase.
Improved DHCP Traffic Visibility for IoT Security
By extending DHCP traffic visibility further into your network, you can now discover and monitor even more devices than ever. IoT Security employs multiple methods to detect and monitor network activity and correlate it to individual devices. A particularly useful method is the examination of DHCP traffic, which allows IoT Security to associate dynamically assigned IP addresses with device MAC addresses and then add these devices to its inventory and track their network behavior. When it’s difficult to route DHCP traffic in certain areas of the network to or through a firewall, there can be gaps in the coverage that IoT Security provides. To improve visibility into DHCP traffic that otherwise wouldn't reach the firewall, you can configure DHCP servers to send the firewall their server logs as syslog messages. The firewall then forwards the logs through the logging service to IoT Security.