Wall's Week - August 17th, 2018

by kwall00 on ‎09-17-2018 07:14 AM - last edited 2 weeks ago by (5,651 Views)

Palo Alto Networks Live Community explains new features for PAN-OS 8.1, updates to Azure firewall, and a list of End of Sale products. Also, read about how to become a beta customer, Cyber Range, new security advisories, the new Unit42 blog, and learn how to sign up for Palo Alto Networks alerts.

 

 

 

Summary

PAN-OS 8.1.3 now available

Azure Firewall – update and blog site

Cyber Range

End-of-Sale and End-of-Life

Beta customers needed for next major release

Security advisories

Sign-up for various updates

Unit 42 blog

Considerations when upgrading to PAN-OS 8.1

What’s new in PAN-OS 8.1

 

 

PAN-OS 8.1.3 now available

This version is now available on the Support site. Since it has just released, it will take a few weeks before we have any metrics. The release notes may be found here:

https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os-release-notes.html

 

 

Azure firewall – Update and blog site

Recently, Microsoft announced that the Azure Firewall is in public preview (beta). The Azure Firewall is a new, optional set of extra cost security features that would be deployed in conjunction with Azure Network Security Groups. Key capabilities include:

  • A stateful firewall as a service that provides outbound control over traffic based on port, protocol and fully qualified domain name (FQDN – i.e., www.github.com). 
  • Built-in high availability with unrestricted cloud scalability; fully integrated with Azure Monitor for logging and analytics.
  • Price based on each FW instance deployed + bandwidth consumed.

More info can be found here: https://azure.microsoft.com/en-us/services/azure-firewall/

Public facing blog: https://researchcenter.paloaltonetworks.com/2018/08/cloud-understanding-differences-azure-firewall-v...

 

 

Cyber Range

If you’re interested in participating in or learning more about our Cyber Range, visit here:

https://www.paloaltonetworks.com/solutions/initiatives/cyberrange-overview

Red team, Blue team real-time exercises designed to sharpen your cyber skills on the Palo Alto Networks platform. Participate individually, with your team, or with other organizations (max of 12 people). Locations include:

  • Amsterdam, Netherlands
  • Sydney, Australia
  • Washington, D.C. / Reston area
  • Santa Clara, CA at Palo Alto Networks headquarters 

 

End-of-Sale and End-of-Life

As of August 1st, the following products are end-of-sale:

The end-of-sale date for these items will be January 31, 2019. They will continue to be supported of course (for five years) but will no longer be available for purchase. Going forward, customers should purchase the newer PA-5200 Series appliances, which have more capacity at a similar cost as the PA-5000 Series. The PA-7000 NPC line cards effected are the PA-7000-20G-NPC and PA-7000-20GQ-NPC. The remaining NPC cards are not effected (PA-7000-20GXM-NPC and PA-7000-20GQXM-NPC).

 

Also, in case you missed it, the PA-200, PA-500, and M-100 appliances were announced end-of-sale in May (with an EoS date of October 31, 2018). Newer hardware should be considered: PA-220, PA-800 series, and the M-200. More information may be found here:

https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-sale

 

Beta customers needed for next major release

Interested in testing the next major release (a.k.a. Kiev)? If you have a good understanding of PAN-OS, would like to test new features, and be willing to provide feedback, sign up here:

https://beta.paloaltonetworks.com/Registration/Index?betaID=164%20

Note that the following devices are not supported in the beta: PA-200, PA-500, PA-5000, and M-100.

 

Security advisories

The following security advisories were announced earlier this week:

  • PAN-SA-2018-0009 – Cross-site scripting in GlobalProtect portal
    • Medium severity, fixed in PAN-OS 7.1.19, and 8.0.12
    • Note: PAN-OS 8.1 is NOT effected
  • PAN-SA-2018-0019 – Denial of service in PAN-OS management web interface
    • Low severity, fixed in 8.1.3
    • Note: PAN-OS 6.1, 7.1, and 8.0 are NOT effected

See more details here:

https://securityadvisories.paloaltonetworks.com/

 

 

Sign-up for various updates

If you aren’t receiving updates from Palo Alto Networks and would like to, here are the steps:

  • Browse to https://support.paloaltonetworks.com/
  • In the upper-right-hand corner, select the dropdown on your name and select Preferences
  • Click the boxes where you would like to be notified and Save the changes

 

Unit 42 blog

If threat research is your ambition and you aren’t aware of our Unit 42 team, you should check it out:

https://researchcenter.paloaltonetworks.com/unit42/

This team takes on the task of dissecting various malware campaigns through all means available (reverse engineering, WildFire analysis, AutoFocus data, etc.) and reports the IoCs and other interesting data in blog format. Of course, their research also feeds back into WildFire, so customers with that subscription are auto-inoculated. ;-)

 

 

Considerations when upgrading to PAN-OS 8.1

If you have the need to upgrade to PAN-OS 8.1, like all new releases, be sure to read the upgrade/downgrade considerations before making plans. Here are the ones we know about:

https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/upgrade-to-pan-os-81

In addition, there are ones I have heard from my customers:

  • Once upgraded, you may encounter an error when committing/pushing changes if you have multiple policies with the same name (i.e., one active, one disabled). Either remove or rename the duplicates.
  • If you have an active/active firewall pair, you now must include a Device-ID in the configuration. This was not required before but is enforced now.

 

What’s new in PAN-OS 8.1

There are a lot of nice additions to your security arsenal in PAN-OS 8.1. Some of my favorites include:

  • SSL Decryption Broker
  • Rule usage counters (immensely useful)
  • Separate App-ID installation parameters
  • HTTP header insertion
  • New SaaS application characteristics
  • Template/Template Stack/Device variables (simple, but brilliant)
  • Device health metrics

Click here for more information:

https://www.paloaltonetworks.com/company/press/2018/palo-alto-networks-adds-to-its-next-generation-f...

Ask Questions Get Answers Join the Live Community
Labels