PAN-OS®9.0, the latest release of the software that powers our next-generation firewalls, keeps you on the cutting edge with tightly integrated innovations. It simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks.
What Do You Want To Do?
All New DNS Security Subscription
Our new DNS Security subscription uses predictive analytics to disrupt attacks using DNS for command and control or data theft.
Multi-Category and Risk Based URL Filtering
PAN-DB now assigns multiple categories to URLs, including new risk categories that you can use to move beyond a basic “block-and-allow” web access policy. Decrypt and apply strict threat prevention measures to high and medium risk sites so that your users can safely interact with websites that, while necessary for business, are potentially unsafe.
Use Policy Optimizer to Transform Your Legacy Rulebase
Policy Optimizer analyzes application usage and recommends intuitive policy rules that reduce security exposure without the risk of business impact.
See What Firewall Models Support PAN-OS 9.0
Refer to the Compatibility Matrix to learn what firewall and appliance models you can upgrade to version 9.0.
Panorama at Scale with Streamlined Device Onboarding
Manage up to 5,000 devices with a M-600 appliance, or a Panorama™ virtual appliance with the required resources.
You can now safely enable applications running over HTTP/2 for SSL forward proxy and SSL inbound inspection without any additional configuration, enabling the improved web experience HTTP/2 sites offer without compromising security.
Policy Match and Connectivity Tests from the Web Interface
You can now validate policy configuration changes directly from the web interface to ensure network traffic matches the policy rules as expected and that the firewalls can reach network resources and Palo Alto Networks services.
Consolidated Deployment for GlobalProtect Portals and Gateways
A single portal or gateway can now use the serial number or machine certificate of a device to determine whether the device is managed (corporate owned) or unmanaged (BYOD) and then enforce different authentication methods, configurations, and access control depending on the managed state.
PAN-OS 9.0 Best Practices
Data Center Best Practice Security Policy
Your enterprise's most valuable assets reside in your data center, including proprietary source code, intellectual property, and sensitive company and customer data. Your customers and employees trust you to maintain the confidentiality and integrity of their data and expect that data to be always available, so it's important to implement a data center best practice security policy that safeguards your data and prevents successful attacks. Use the guidelines in this site to plan, deploy, and maintain your data center best practice security policy.
Best Practices for Securing Administrative Access
Learn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface.
Internet Gateway Best Practice Security Policy
To protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy.
Best Practices Getting Started
Apply security best practices to reduce the attack surface, gain visibility into traffic, prevent threats, and protect your network, users, and data.