Announcing AIOps for NGFW 2.5

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Announcing AIOps for NGFW 2.5

L2 Linker


Hello everyone!


We’re proud to announce the availability of AIOps for NGFW 2.5 to help our customers improve the operational efficiency of managing firewalls from a health and performance point of view, maximize their security posture and visualize and report the interplay between users, applications, and threats across their entire deployment. Here is a sample of the key features in this release:


  • Improved Best Practice Assessments – AIOps now meets and exceeds all the capabilities of the standalone Best Practice Assessment for NGFW and Panorama tool. This includes:
    • Ability to manually upload Tech Support Files (TSFs), which is particularly useful for NGFWs where telemetry simply cannot be enabled:



  • The telemetry-based “Best Practices” section of AIOps now has also full parity with the standalone tool in terms of the number of checks performed – going to over 240 now.

  • The Recommendations provided for Security Alerts now exceed the ones provided by the standalone tool in terms of how detailed and extensive they are, especially when it comes to providing CLI commands for remediation of the alerts:




  • Security Posture Overview is a brand new feature that allows customers to identify services and features of their NGFWs that are not activated or configured but are available to them and would improve their security posture. It further identifies NGFWs that may be activated and configured, but the configuration is not following Best Practices. This allows customers to fully leverage the capabilities that they have already licensed. A sense of relevance permeates all three stages. AIOps squeezes intelligence out of the configuration to map user-named zones to predefined network architecture roles and derive this sense of relevance.





  • Network traffic patterns vary by time of the day, day of the week, etc. With static threshold values, you may get accustomed to ignoring Alerts that you perceive as false alarms, and you might miss an actual Alert that could lead to a business outage.

With Dynamic Thresholds, AIOps automatically adjusts the warning level threshold values by employing ML algorithms that learn the behavior of the underlying metric. This feature means the Alert is generated only when the firewall is experiencing an actual problem. This dramatically reduces alerts that, with static values for the thresholds, might be created because of a cyclical behavior, or even if the normal behavior of the metric is just above the out-of-the-box static threshold values.






  • The new CDL Infrastructure Health features ensure the CDL Infrastructure is stable and healthy – e.g., on log ingestion, forwarding and retention (to support Log Explore), Compliance, and Threat behavior analysis and trends.



AIOps for NGFW relies on CDL data for many of its analytics features and ensuring the availability and integrity of that data is key to a well-oiled AIOps for NGFW deployment.

  • With the new SURE (Software Upgrade Recommendation Engine), AIOps for NGFW 2.5 Premium provides guidance on the software version best suited for your NGFWs based on 
    • The enabled feature set on the firewall
    • The model of the hardware, and
    • Known vulnerabilities





  • AIOps for NGFW 2.5 Premium has the new Policy Analyzer which helps identify errors and misconfigurations in security policies; you can perform this analysis before committing changes to a NGFW’s policy configuration (Pre-Change Policy Analysis) or after the change has already been committed in Panorama (Post-Change Policy Analysis).




When the operator receives a new request for a policy change, this feature allows the operator to understand if the desired outcome of this policy is already met, explicitly refuted or denied by default. 


  • Last but not least: a new Threat Insights dashboard in AIOps 2.5 Premium which provides a 360-degree view into all the threats detected in your network – across WildFire, Advanced URL FIltering, DNS Security, Advanced Threat Prevention and Enterprise DLP. You can view all impacted users and applications as well as specific rules that are allowing or blocking threats:




Check out what else is new and other enhancements by requesting a 90-day trial of AIOps for NGFW Premium.


You can also see a demo of some of the above features in this post.


Have you not activated your free instance of AIOps for NGFW yet? Here’s how.

  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!