New Networking Features With PAN-OS 11.0 Nova

Community Team Member



Palo Alto Networks launched PAN-OS 11.0 Nova last month, including new advanced features and hardware.


For all the security folk who began their careers in networking, have you seen the new networking features for PAN-OS 11.0? There are many rich features like the PAN-OS integrated web proxy! Customers who require a legacy proxy in their environment can now leverage PAN-OS as a unified platform for maintaining the boundary edge. Check out all of the cool networking features below. 


New networking features in PAN-OS 11.0 Nova:




Web Proxy

Some networks are designed around a proxy for compliance and other requirements. The Web Proxy capability available in PAN-OS 11.0 allows these customers to migrate to NGFW without changing their proxy network to secure web as well as non-web traffic. With web proxy available for both NGFW and Prisma Access, Palo Alto Networks helps you transition to a single, integrated security stack for web security across on-premises and cloud-delivered form factors. By configuring seamless synchronization between your on-premises proxy device and the cloud-based proxy, you can enable Prisma Access as a SASE solution for your SWG-based network architecture to ensure consistent policy application regardless of location.
IPSec Transport Mode

In addition to the default tunnel mode, you can now configure IPSec tunnels to use transport mode when encrypting host-to-host communications. Transport mode encrypts only the payload while retaining the original IP header. You can use transport mode to encrypt the management traffic with the most secure protocols.

Multicast Source Discovery Protocol on Advanced Routing Engine

The Advanced Routing Engine adds support for MSDP. MSDP interconnects multiple IPv4 PIM Sparse-Mode (PIM-SM) domains, enables the discovery of multicast sources in other PIM-SM domains, and reduces the complexity of interconnecting multiple PIM-SM domains by allowing PIM-SM domains to use an inter-domain source tree.

BFD Support on PA-400 Series Firewalls

Bidirectional Forwarding Detection (BFD) support is extended to the PA-400 Series firewalls (PA-410, PA-440, PA-450, and PA-460 firewalls) for both the legacy routing engine and Advanced Routing Engine.



Power Over Ethernet (PoE)

PoE enables you to transfer electrical power from a supported firewall to a powered device. Using interfaces that have been configured for PoE, you can allocate power to multiple powered devices while still maintaining data transfer over an Ethernet connection. PoE is supported on many of the new models introduced with PAN-OS 11.0, including PA-1420, PA-1410, PA-445, and PA-415.

Persistent NAT for DIPP

Some applications, such as VoIP and video, use DIPP source NAT and may require STUN. DIPP NAT uses symmetric NAT, which may have compatibility issues with STUN. To alleviate those issues, persistent NAT for DIPP provides additional support for connectivity with such applications. When you enable persistent NAT for DIPP, the binding of a private source IP address and port to a specific public (translated) source IP address and port persists for subsequent sessions that arrive having that same original source IP address and port.
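The difference between the two behaviors can be seen in a small simulation. This is an added example, not PAN-OS code or anything from Palo Alto Networks: the `DippNat` class, the port allocator, and all addresses are hypothetical and constructed for illustration, and binding timeouts are ignored.

```python
from itertools import count


class DippNat:
    """Toy model of DIPP source NAT; an illustration, not PAN-OS code."""

    def __init__(self, public_ip, persistent, first_port=1024):
        self.public_ip = public_ip
        self.persistent = persistent      # True = persistent NAT for DIPP enabled
        self._ports = count(first_port)   # next unused translated port
        self._sessions = {}               # (src, dst) -> translated (ip, port)
        self._bindings = {}               # src -> translated (ip, port)

    def translate(self, src, dst):
        """Return the translated source (ip, port) for a session src -> dst."""
        if (src, dst) in self._sessions:  # packets of an existing session
            return self._sessions[(src, dst)]
        if self.persistent and src in self._bindings:
            mapped = self._bindings[src]  # reuse binding for same source ip:port
        else:
            mapped = (self.public_ip, next(self._ports))
            self._bindings[src] = mapped
        self._sessions[(src, dst)] = mapped
        return mapped


def stun_address_usable(nat, client, stun_server, peer):
    """True if the address STUN reports is the one the peer later sees."""
    learned = nat.translate(client, stun_server)  # reflexive address from STUN
    seen_by_peer = nat.translate(client, peer)    # source of the media session
    return learned == seen_by_peer


# Constructed sample endpoints (private and documentation address ranges).
CLIENT = ("10.0.0.10", 40000)
STUN_SERVER = ("198.51.100.1", 3478)
PEER = ("198.51.100.77", 16384)
PUBLIC_IP = "203.0.113.5"

if __name__ == "__main__":
    for persistent in (False, True):
        nat = DippNat(PUBLIC_IP, persistent)
        ok = stun_address_usable(nat, CLIENT, STUN_SERVER, PEER)
        print(f"persistent={persistent}: STUN-learned address usable = {ok}")
```

With symmetric behavior, the session to the peer gets a new translated port, so the address the client learned from the STUN server is stale; with the persistent binding, both sessions share one translated address and port.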


Nova is off to a great start! For more information on PAN-OS 11.0, check out the New Features Guide to read about ways you can leverage the new OS in your environment.


Thank you for taking the time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.


@JayGolf out!

