Zero Touch Provisioning (ZTP) streamlines the initial deployment of NGFW by minimizing the manual administrative intervention required to connect the device to your network. However, administrators still often need to activate applicable licenses and manually push content updates after the firewall establishes a connection to the Panorama® management server. PAN-OS 11.2.0 introduces enhancements to the ZTP experience that automate these critical post-connection steps. When you add ZTP NGFW to the Panorama, your security administrator now add the NGFW authorization code during the initial configuration phase. This enables Panorama to automatically activate the necessary licenses on the ZTP NGFW immediately upon its first connection.

Additionally, security administrators can configure Panorama to instantly push the latest downloaded dynamic content updates when the NGFW successfully onboards in the template stack generated by the ZTP plugin. After a successful connection to Panorama, Panorama activates the applicable licenses associated with the authorization code, pushes the latest predefined device group and template stack configuration, and installs the latest downloaded dynamic content version. These automations greatly reduce the administrative burden associated with large-scale NGFW deployments and ensure every new NGFW is compliant and up-to-date immediately.