Palo Alto Networks Introduces PAN-OS® 12.1 Orion

Discover how PAN-OS® 12.1 Orion Major Features protects against tomorrow’s threats today.

By: @Jigar | @ibashir

As enterprises accelerate AI adoption, scale multicloud environments, and prepare for the quantum era, the complexity of securing dynamic infrastructures continues to grow. Threat actors are evolving at unprecedented speed, exploiting weaknesses in fragmented security architectures and inconsistent controls.

With PAN-OS® 12.1 Orion, Palo Alto Networks introduces a release engineered to deliver more innovative, more predictable, and more resilient network security. It’s built to address the challenges facing modern organizations by providing a robust foundation that enables IT leaders to confidently embrace the future of multicloud, AI, quantum, and beyond. The major features of the core components in PAN-OS cover new NGFW hardware, networking, SD-WAN, decryption and cryptography, clustering, User-ID, and more.

Breakthrough Innovations and Features in PAN-OS 12.1 Orion

Quantum-Safe Readiness Built into the OS

Quantum computers will eventually break classical encryption algorithms such as RSA and ECC, making the transition to post-quantum cryptography (PQC) a critical, multi-year initiative. PAN-OS® 11.1 and 11.2 began this journey with support for PQC in site-to-site VPNs (RFC 8784, RFC 9242, RFC 9370). Since NIST’s standardization of PQC algorithms in August 2024, adoption has accelerated across browsers, messaging apps, and libraries, including LibOQS, OpenSSL, wolfSSL, and BoringSSL. As PQC traffic grows, malicious actors are equally able to exploit these libraries, increasing the need for enterprise-grade inspection and control.

Figure 1: Click the demo to learn more. 

PAN-OS 12.1 Orion advances this capability by embedding quantum-safe functions directly into the operating system:

1. Quantum Readiness View in Strata Cloud Manager – Delivers a comprehensive, actionable inventory of cryptographic posture in Strata Cloud Manager (SCM), mapping users, devices, and NGFW traffic into categories of quantum-secure, weak, or vulnerable.
2. Decryption at Scale – Enables next-generation firewalls to decrypt and inspect traffic encrypted with PQC algorithms, ensuring visibility into threats that leverage emerging cryptography.
3. Cipher Proxy Translation – Converts inbound and outbound PQC traffic into classical cryptography for compatibility with legacy applications, enabling staged migration without code changes.

These innovations establish a clear roadmap from assessment to adoption, allowing organizations to inventory their cryptographic environment, remediate risks, enable PQC inspection, and progressively transition toward quantum-safe operations.

Unified Network Security to Accelerate Cloud and AI Transformation

The proliferation of applications across public and private clouds has created a fragmented security landscape, marked by inconsistent controls, misconfigurations, operational silos, and growing blind spots. 

PAN-OS 12.1 Orion addresses these challenges with new software firewall capabilities that provides a unified multicloud security framework that simplifies protection for dynamic environments,accelerating both cloud and AI transformation. Our software firewall automatically discovers workloads and data flows across AWS, Azure, GCP, and private data centers, eliminating blind spots and reducing the need for manual inventories.

Figure 2: Automate Deployment of a Multicloud Security Fabric

Our new Multicloud Security Fabric (MSF) provides the foundation, establishing a unified network security overlay that automatically connects and protects workloads across disparate cloud environments with consistent policy. For private cloud workloads experiencing unpredictable traffic demands, the Hyperscale Fabric (HSF) ensures security can scale elastically without creating performance bottlenecks.

For microperimeter use cases, we’ve also delivered Traffic Redirector, which programmatically steers traffic from discovered workloads to the appropriate security services for inspection. This eliminates the manual, error-prone routing changes that typically slow down application deployment.

This integrated approach simplifies the entire security lifecycle around four key pillars:

• Discover: Gain continuous, automated visibility into all assets and their associated risks across every cloud and AI environment.
• Deploy: Programmatically deploy a unified security fabric that automatically applies consistent policies and controls to newly discovered applications.
• Protect: Enforce advanced Layer 7 threat prevention and microperimeters to stop lateral movement and secure modern application and AI workloads.
• Operationalize: Manage the entire multicloud security posture from a single console, simplifying governance and reducing mean time to resolution for network issues.

Pan-OS 12.1 Orion delivers new software firewall capabilities that enable this 4-pillar approach to multicloud and AI security.

Figure 3: Four-pillar approach to multicloud and AI security.

Expanded Defense Capabilities Powered by Precision AI

Adversaries are increasingly using AI to accelerate reconnaissance, exploit development, and automate attacks. To counter this, PAN-OS 12.1 Orion integrates Precision AI, Palo Alto Networks’ proprietary engine that combines machine learning, deep learning, and generative AI to detect and prevent attacks in real time. Orion extends the reach of Precision AI across the enterprise with new capabilities that strengthen defenses against advanced threats. 

The Advanced DNS Security Resolver introduces a resolver-based deployment option that inspects both DNS requests and responses, detecting more threats than competitors while integrating with Strata Cloud Manager for centralized visibility and control. Additionally, Device Security expands protection beyond IoT to cover every managed, unmanaged, and operational technology device, combining active and passive data collection with IT and OT integrations. 

Applying risk-adaptive policies and guided virtual patching reduces alert fatigue and enables proactive mitigation. In addition, Orion introduces new AI-driven threat detections, including single-query DNS tunneling detection, in-memory API vector analysis, and encrypted Sliver C2 prevention. Together, these innovations reduce noise, improve detection precision, and deliver end-to-end protection across the entire attack lifecycle.

Precision AI capabilities deliver unmatched defense:

• Advanced DNS Security Resolver (ADNSR): Traditional resolvers limit inspection to DNS requests, leaving response traffic unchecked and exploitable. ADNSR inspects both DNS requests and responses in real time, leveraging advanced detection models to identify tunneling, command-and-control, and data exfiltration attempts. It delivers more than twice the coverage of competitive offerings. It operates seamlessly across hybrid and multi-vendor environments with integration into Strata Cloud Manager for centralized policy enforcement and visibility.
  
  
  Figure 4: Click the demo to learn more. 
  

• Proactive Device Security: Extends protection beyond IoT to every managed, unmanaged, and operational technology (OT) device. Using a combination of active probing and passive traffic analysis, it builds a complete device inventory enriched through integrations with IT and OT management tools. Risk-adaptive access controls and guided virtual patching mitigate vulnerabilities without disrupting operations, reducing false positives and alert fatigue.
  
  
  Figure 5: Click the demo to learn more. 
  

• AI-Driven Threat Detections: Orion introduces new AI-powered detection engines across the attack lifecycle. Capabilities include deepfake-based phishing detection using advanced content analysis, in-memory API vector analysis to uncover evasive malware techniques, encrypted Sliver C2 prevention that identifies obfuscated command-and-control channels, and a Data Exfiltration Shield that blocks covert data exfiltration attempts hidden in DNS relays and HTTP headers. These engines operate at line rate, ensuring both precision and performance at scale.

Operational Simplification with Strata Cloud Manager (SCM)

Managing distributed firewalls, SASE, and SD-WAN deployments has traditionally required multiple tools, creating silos and adding complexity for security operations teams. PAN-OS 12.1 Orion eliminates this fragmentation by consolidating management into a single AI-powered platform with Strata Cloud Manager (SCM).

SCM delivers end-to-end operational simplification through:

• Cloud-Native Management: Enables seamless migration from Panorama to a fully cloud-native model, simplifying deployment, scaling, and lifecycle management while reducing administrative overhead.
• Zero Trust Reinforcement: Provides real-time dashboards that analyze traffic, policies, and anomalies, offering AI-driven recommendations for policy optimization and risk reduction.
• Automated Compliance: Continuously validates security posture against regulatory frameworks such as NIST, HIPAA, and PCI DSS, with closed-loop remediation to enforce compliance at scale.
• AI-Powered Health Monitoring: Monitors devices, traffic flows, configurations, and services, proactively detecting issues before they disrupt availability or performance.
• Strata Copilot and AI Canvas: Enhance troubleshooting and operations with natural language-driven assistance, guided root-cause analysis, and customizable dashboards, accelerating decision-making and reducing mean time to resolution (MTTR).
  
  
  Figure 6 :In-Product Migration from Panorama to Strata Cloud Manager
  

With SCM, enterprises gain a unified, intelligent control plane that strengthens Zero Trust architectures, ensures regulatory compliance, and reduces operational complexity across multicloud and hybrid environments.

5th-Generation NGFW Platform

PAN-OS 12.1 Orion introduces fourteen new fifth-generation Next-Generation Firewalls (NGFWs) engineered for quantum readiness, high-performance security, and resilience across enterprise, branch, and industrial environments.

• PA-5500 Series (Data Center): Purpose-built for large-scale data centers, delivering up to 4x the performance of previous generations. Equipped with 400 Gbps interfaces and quantum-optimized hardware acceleration, it enables high-throughput inspection of post-quantum cryptography (PQC) traffic and secure connectivity for AI-driven workloads.

• PA-500 Series (Branch): Designed for integrated branch deployments, combining best-in-class Layer 7 inspection with a compact, power-efficient form factor. Simplified Zero Touch Provisioning (ZTP) streamlines deployment and lifecycle management for distributed enterprises.

• PA-455R-5G (Industrial/Edge): Hardened for rugged and outdoor environments, this model extends enterprise-grade protection to operational technology (OT) and edge networks. It features native 5G connectivity and a ruggedized chassis to deliver resilient performance in harsh conditions.
  
  
  Figure 7: 5th-Generation NGFWs
  

These new NGFW platforms expand your ability to secure diverse environments, supporting everything from high-capacity data centers to remote branches and industrial sites, while ensuring organizations remain prepared for quantum-era threats.

Additional Features Expanding the Advantage of PAN-OS 12.1 Orion

In addition to quantum-safe innovation and next-generation firewall performance, PAN-OS 12.1 Orion introduces powerful capabilities to extend security, flexibility, and modernization across your network:

• Decryption Enhancements – Streamline and scale encrypted traffic inspection with improved performance and coverage, ensuring visibility without compromising speed.

• Passwordless for Enterprise Apps – Strengthen identity security with phishing-resistant, passwordless authentication that simplifies access for users across your critical enterprise applications.

• PAN-OS Modernization – Modern, cloud-ready OS architecture designed for agility, scalability, and seamless integration across hybrid and multicloud environments.

• PAN-OS NGFW integration with Prisma SD-WAN – Deliver simplified branch connectivity with integrated security and application-aware routing in a single converged platform.

• FE-400 – A new firewall engine with a purpose-built ASIC for advanced threat prevention and high-performance data center deployments.

• Advanced Routing Engine – Next-generation routing for large-scale, complex environments, optimized for throughput, reliability, and simplified management.

• Web Proxy on the PA-5450 – Built-in web proxy functionality on our flagship PA-5450, reducing the need for point products and consolidating security operations.

Get Ready for A Quantum-Safe Security Future

PAN-OS 12.1 Orion is not just a new operating system; it's a paradigm shift in network security. It's our answer to the growing complexity you face every day, providing a unified, AI-driven, and future-ready platform that simplifies your operations and strengthens your defenses. We're also introducing 14 new 5th-generation Next-Generation Firewalls, which are designed to redefine performance and protection for data centers and distributed branches.

With features like the Multicloud Security Fabric and an easy path to quantum-safe security, PAN-OS 12.1 Orion allows you to move from a state of complexity to one of confidence, ready to secure what's next.

Start your journey with PAN-OS 12.1 and see firsthand how our technology helps secure your future.

Sign up now to get an in-depth look at PAN-OS 12.1.