So many new releases coming down the pipe! This time I am going to be talking about some of the new features inside of PAN-OS 10.0.2.
These new and anticipated features include Data Loss Prevention and SD-WAN for 7000 Series devices.
Data Loss Prevention (DLP)
First up is going to be DLP. Data Loss Prevention is something that every company is interested in, and dealing with it in the digital world is just as important. These DLP features are being introduced with PAN-OS 10.0.2.
New DLP Feature*
Enterprise Data Loss Prevention (DLP)
To protect against unauthorized access, misuse, extraction, and sharing of sensitive information, you need to effectively filter network traffic to block or generate an alert before sensitive information leaves the network. Enterprise Data Loss Prevention (DLP) provides a single engine for accurate detection and consistent policy enforcement for sensitive data at rest and in motion.
Panorama and managed firewalls running PAN-OS 10.0.2 and later releases supportEnterprise DLP.
SD-WAN was introduced with PAN-OS 10.0, but those SD-WAN features weren't available for the 7000 Series devices. All of the following features are introduced with PAN-OS 10.0.2.
SD-WAN features in PAN-OS 10.0.2 *
SD-WAN Forward Error Correction
When both endpoints of a VPN tunnel are PAN-OS firewalls that use forward error correction (FEC), the receiving tunnel endpoint can recover lost packets before the link needs to fail over to a better path. Thus, FEC at the network level allows you to maintain a high-quality application experience in your SD-WAN. FEC is especially helpful for applications that are sensitive to packet loss, such as voice and video streaming.
SD-WAN Packet Duplication
When both endpoints of a VPN tunnel are PAN-OS firewalls that use packet duplication, and two such tunnels to the same destination exist, the source firewall sends the same packets for an SD-WAN flow over both tunnel links. The destination tunnel endpoint receives the first packet successfully and discards the duplicate packet. Packet duplication allows the receiving firewall to mitigate poor network conditions before the link needs to fail over to a better path, although packet duplication uses twice the bandwidth for every flow because it duplicates all packets. Packet duplication allows you to maintain a high-quality application experience in your SD-WAN. Packet duplication is especially helpful for applications that are sensitive to packet loss, high latency, or jitter, such as voice and video streaming.
SaaS Application Path Monitoring
PAN-OS 10.0.2 now allows SD-WAN to accurately monitor and measure the health of SaaS and Cloud application path to ensure reliability and user experience. When you have an SD-WAN firewall with Direct Internet Access (DIA) link, SD-WAN fails over to a higher performance path based on accurate measurements of the path health quality.
SD-WAN visibility and monitoring now reflect the SaaS measurements for latency, jitter, and packet loss for Direct Internet Access (DIA) links.
Application and Link Performance Monitoring
SD-WAN monitoring and visibility now allow you to better understand the effectiveness of Forward Error Correction (FEC) and packet duplication for paths with degraded health metrics.