Panorama Features
Focus
Focus

Panorama Features

Table of Contents

Panorama Features

What new Panorama™ management server features are in PAN-OS 11.2?

Secure Custom AI Models on Private Endpoints

Aug 2025
  • Introduced in PAN-OS 11.2.8
You can extend AI security inspection to LLMs hosted on privately managed endpoints or input/output schemas that are not publicly known. By enabling this support within your AI security profile, all traffic that matches a security policy rule is forwarded to the AI cloud service for threat inspection, regardless of whether the model is a well-known public service or a custom-built private one. This ensures comprehensive security for your entire AI ecosystem.
The new AI security profile inspects and secures the AI traffic between AI applications and LLM models passing through Prisma AIRS: Network intercept that are managed by Strata Cloud Manager or Panorama. This profile protects against threats such as prompt injections and sensitive data leakage.

Panorama AI Security Log Enhancements

Aug 2025
  • Introduced in PAN-OS 11.2.8
Gain enhanced visibility into AI-specific threats through an additional AI security report that displays comprehensive AI security threat logs forwarded by Prisma AIRS Network intercept. This gives you enhanced visibility into AI model protection, AI application protection, and AI data protection threats detected based on your AI security profile configurations. You can also filter logs by the `ai-security` threat type when configuring log forwarding profiles or building custom reports, enabling targeted analysis and streamlined security operations for AI-specific threats.

Prisma AIRS AI Runtime Support in Panorama

Dec 2024
  • Introduced in PAN-OS 11.2.5
PAN-OS 11.2.5 introduces Prisma AIRS AI Runtime: Network intercept deployment and management support on Panorama, enhancing your ability to protect AI applications, AI models, and AI data.
The key features include:
  • AI Security Profiles: Create and manage AI security profiles directly from Panorama to configure specific protection settings for your cloud network architecture.
  • Traffic Objects: Define traffic objects with specific cloud assets and map them to zones to enforce security policy rules on AI traffic.
  • AI Security Logging: View Prisma AIRS AI Runtime: Network intercept firewall-generated logs forwarded to Panorama under Monitor Threat. The AI security threat logs are identified with the type: ai-security.

Zero Touch Provisioning (ZTP) Onboarding Enhancements

May 2024
  • Introduced in PAN-OS 11.2.
Zero Touch Provisioning (ZTP) allows simplifies onboarding Next-Generation firewalls to your Panorama™ management server by allowing you to minimize the manual admin intervention required to onboard the firewall and connect it to your network. PAN-OS 11.2.0 introduces additional enhancements to the ZTP onboarding experience by allowing you to activate applicable licenses and install the latest content updates when the firewall first connects to Panorama.
When you add ZTP firewalls to Panorama, you can now specify the firewall authorization code required to activate the firewall license. This allows you to activate the licenses on the ZTP firewall when it connects to Panorama for the first time. Additionally, you can configure Panorama to automatically push the latest downloaded content version when the ZTP firewalls successfully connects and is onboarded to Panorama in the template stack generated through the ZTP plugin. After a successful connection to Panorama, it activates the applicable licenses associated with the auth code you added for the ZTP firewall pushes the latest predefined device group and template stack configuration, installed the latest downloaded dynamic content version.