NEW PAN-OS 10.0.2 Features: DLP & SD-WAN for 7000 series

Community Team Member

New PANOS 10.0.2 dlp and sdwan.png

Hello everyone.

 

So many new releases coming down the pipe! This time I am going to be talking about some of the new features inside of PAN-OS 10.0.2.

 

These new and anticipated features include Data Loss Prevention and SD-WAN for 7000 Series devices.


Data Loss Prevention (DLP)

First up is going to be DLP. Data Loss Prevention is something that every company is interested in, and dealing with it in the digital world is just as important. These DLP features are being introduced with PAN-OS 10.0.2.

 

New DLP Feature*

NEW FEATURE
DESCRIPTION
Enterprise Data Loss Prevention (DLP)
To protect against unauthorized access, misuse, extraction, and sharing of sensitive information, you need to effectively filter network traffic to block or generate an alert before sensitive information leaves the network. Enterprise Data Loss Prevention (DLP) provides a single engine for accurate detection and consistent policy enforcement for sensitive data at rest and in motion.
Panorama and managed firewalls running PAN-OS 10.0.2 and later releases support Enterprise DLP.

* - reprinted from the PAN-OS 10.0 Release Notes - Enterprise Data Loss Prevention Features 

 

SD-WAN

SD-WAN was introduced with PAN-OS 10.0, but those SD-WAN features weren't available for the 7000 Series devices.
All of the following features are introduced with PAN-OS 10.0.2.

 

SD-WAN features in PAN-OS 10.0.2 *
NEW FEATURES
DESCRIPTION
SD-WAN Forward Error Correction
When both endpoints of a VPN tunnel are PAN-OS firewalls that use forward error correction (FEC), the receiving tunnel endpoint can recover lost packets before the link needs to fail over to a better path. Thus, FEC at the network level allows you to maintain a high-quality application experience in your SD-WAN. FEC is especially helpful for applications that are sensitive to packet loss, such as voice and video streaming.
SD-WAN Packet Duplication
When both endpoints of a VPN tunnel are PAN-OS firewalls that use packet duplication, and two such tunnels to the same destination exist, the source firewall sends the same packets for an SD-WAN flow over both tunnel links. The destination tunnel endpoint receives the first packet successfully and discards the duplicate packet. Packet duplication allows the receiving firewall to mitigate poor network conditions before the link needs to fail over to a better path, although packet duplication uses twice the bandwidth for every flow because it duplicates all packets. Packet duplication allows you to maintain a high-quality application experience in your SD-WAN. Packet duplication is especially helpful for applications that are sensitive to packet loss, high latency, or jitter, such as voice and video streaming.
SaaS Application Path Monitoring
 
PAN-OS 10.0.2 now allows SD-WAN to accurately monitor and measure the health of SaaS and Cloud application path to ensure reliability and user experience. When you have an SD-WAN firewall with Direct Internet Access (DIA) link, SD-WAN fails over to a higher performance path based on accurate measurements of the path health quality.
SD-WAN visibility and monitoring now reflect the SaaS measurements for latency, jitter, and packet loss for Direct Internet Access (DIA) links.
Application and Link Performance Monitoring
SD-WAN monitoring and visibility now allow you to better understand the effectiveness of Forward Error Correction (FEC) and packet duplication for paths with degraded health metrics.

** - Information reprinted from the TechDocs Release Notes: PAN-OS 10.0.2 SD-WAN Features 

 

More Info

For all of the details for what has been included in PAN-OS 10.0, please refer to the TechDocs release notes here: Features Introduced in PAN-OS 10.0 

 

For DLP install instructions, please see the TechDocs site: Install the Enterprise Data Loss Prevention (DLP) Plugin 

 

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

384 Views
Labels