Subscriptions You Can Use With the Firewall
The following Palo Alto Networks subscriptions unlock certain firewall features or enable the firewall to leverage a Palo Alto Networks cloud-delivered service (or both). Here you can read more about each service or feature that requires a subscription to work with the firewall. To enable a subscription, you must first Activate Subscription Licenses; once active, most subscription services can use Dynamic Content Updates to provide new and updated functionality to the firewall.
|Subscriptions You Can Use With the Firewall|
Threat Prevention provides:
Provides enhanced DNS sinkholing capabilities by querying DNS Security, an extensible cloud-based service capable of generating DNS signatures using advanced predictive analytics and machine learning. This service provides full access to the continuously expanding DNS-based threat intelligence produced by Palo Alto Networks.
To set up DNS Security, you must first purchase and install a Threat Prevention license.
Provides the ability to not only control web-access, but how users interact with online content based on dynamic URL categories. You can also prevent credential theft by controlling the sites to which users can submit their corporate credentials.
To set up URL Filtering, you must purchase and install a subscription for one of the supported URL filtering databases: PAN-DB or BrightCloud. With PAN-DB, you can set up access to the PAN-DB public cloud or to the PAN-DB private cloud.
Although basic WildFire® support is included as part of the Threat Prevention license, the WildFire subscription service provides enhanced services for organizations that require immediate coverage for threats, frequent WildFire signature updates, advanced file type forwarding (APK, PDF, Microsoft Office, and Java Applet), as well as the ability to upload files using the WildFire API. A WildFire subscription is also required if your firewalls will be forwarding files to an on-premise WF-500 appliance.
Provides a graphical analysis of firewall traffic logs and identifies potential risks to your network using threat intelligence from the AutoFocus portal. With an active license, you can also open an AutoFocus search based on logs recorded on the firewall.
Provides cloud-based, centralized log storage and aggregation. The Logging Service is required or highly-recommended to support several other cloud-delivered services, including Magnifier, GlobalProtect cloud service, and Traps management service.
Provides mobility solutions and/or large-scale VPN capabilities. By default, you can deploy GlobalProtect portals and gateways (without HIP checks) without a license. If you want to use advanced GlobalProtect features (HIP checks and related content updates, the GlobalProtect Mobile App, IPv6 connections, or a GlobalProtect Clientless VPN) you will need a GlobalProtect license (subscription) for each gateway.
This license is required to enable support for multiple virtual systems on PA-3000 Series and PA-3200 Series firewalls. In addition, you must purchase a Virtual Systems license if you want to increase the number of virtual systems beyond the base number provided by default on PA-5200 Series, and PA-7000 Series firewalls (the base number varies by platform). The PA-800 Series, PA-220, and VM-Series firewalls do not support virtual systems.
Dynamic Content Updates
Palo Alto Networks frequently publishes updates to equip the firewall with the latest threat prevention and intelligence. ...
WildFire Overview WildFire™ provides detection and prevention of zero-day malware using a combination of dynamic and static analysis to detect threats and create protections to ...
Enable Free WildFire Forwarding
Enable Free WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
Licenses for Cloud Security Service Providers (CSSPs)
Licenses for Cloud Security Service Providers (CSSPs) The Palo Alto Networks CSSP partners program allows service providers to provide security as a service or as ...
Enable DNS Security to access the full database of Palo Alto Networks signatures, including those generated using advanced machine learning and predictive analytics. ...
License Types—VM-Series Firewalls
License Types—VM-Series Firewalls You can license the VM-Series firewall as a Bring your own license (BYOL), Pay as you go, (PAYG), or with an Enterprise ...
Get Started with WildFire
Get Started with WildFire The following steps provide a quick workflow to get started with WildFire™. If you’d like to learn more about WildFire before ...
VM-Series Firewall Licenses for Public Clouds
VM-Series Firewall Licenses for Public Clouds The VM-Series firewall licensing strategy is the same for AWS, Azure, and Google Cloud Platform. There are different license ...
Cloud-Delivered DNS Signatures
Learn about how cloud-delivered DNS signatures generated using predictive analytics and machine learning can disrupt DNS-based attacks. ...