New Features in March 2024

These are the new features introduced in March 2024 for AIOps for NGFW Free and for AIOps for NGFW Premium (use the Strata Cloud Manager app). AIOps for NGFW Premium updates include new features to support Cloud Management for NGFWs.

AIOps for NGFW: NGFW/Panorama Management Certificate Expiration Alert

March 1, 2024
Introducing the NGFW/Panorama Management Certificate Expiration alert that detects the upcoming expiration of the NGFW or Panorama Management certificate on devices by April 7, 2024. When these certificates expire, connectivity is lost between Panorama and NGFWs, M-Series appliances operating in PAN-DB private cloud mode, WildFire appliances (WF500/B), and Peer Panoramas, regardless of their management or Log Collector modes. Consequently, expired certificates compromise centralized management and visibility, posing security risks and operational inefficiencies. This alert helps you identify the PAN-OS devices within your network that are susceptible to this issue and provides information about the remediation options.
Supported on AIOps for NGFW Free and Strata Cloud Manager with AIOps for NGFW Premium license.
The NGFW/Panorama Management Certificate Expiration alert assesses the following criteria:
  • Checks if Panorama is managing the device.
  • Checks if the device is running a minor version lower than the specified version in Table 2: Target Upgrade Versions.
  • Checks if a custom certificate is being used for Device-Panorama connectivity.
  • Checks if the dynamic content update version is greater than or equal to 8795-8489 on all NGFWs, Panorama, and log collectors.
  • Checks if the firewall has rebooted at least once after the content package update.
This alert is triggered if the device meets all of the following conditions:
  1. Panorama manages the device.
    Unmanaged devices and those managed by Strata Cloud Manager are exempt.
  2. The device is running an older software version and it's not using a custom certificate for Panorama-NGFW-LC connectivity.
  3. The device either has a content package version prior to 8795-8489, or has a version exceeding 8795-8489 but has not been rebooted since the content package installation.
If these conditions are met, a critical alert is generated notifying you about NGFW/Panorama management certificate expiry.
The device remains unaffected if either condition 1 or 2 fails. If this alert is active, it's closed upon the failure of either condition 1 or 2.
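The three trigger conditions above can be applied to an exported device inventory to see which devices would raise the alert and why. This is an added example, not Palo Alto Networks code: the `Device` record, its field names and the sample inventory are hypothetical, `below_target_version` is assumed to be computed beforehand against the Target Upgrade Versions table (not reproduced on this page), and a content version of exactly 8795-8489 is treated as containing the update, following the "greater than or equal to" wording in the criteria list.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

FIXED_CONTENT = (8795, 8489)  # content version named in the alert criteria

def parse_content_version(text: str) -> tuple[int, int]:
    """'8795-8489' -> (8795, 8489), so versions compare numerically."""
    major, minor = text.strip().split("-")
    return int(major), int(minor)

@dataclass
class Device:  # hypothetical inventory record
    name: str
    panorama_managed: bool      # False: unmanaged or Strata Cloud Manager
    below_target_version: bool  # assumed precomputed from the upgrade table
    custom_certificate: bool    # custom cert on the Panorama-NGFW-LC link
    content_version: str
    content_installed: datetime
    last_reboot: datetime | None = None

def alert_reason(d: Device) -> str | None:
    """Why the critical alert applies to d, or None if it does not."""
    if not d.panorama_managed:                               # condition 1
        return None
    if not d.below_target_version or d.custom_certificate:   # condition 2
        return None
    if parse_content_version(d.content_version) < FIXED_CONTENT:  # condition 3
        return "content package older than 8795-8489"
    if d.last_reboot is None or d.last_reboot <= d.content_installed:
        return "no reboot since content package installation"
    return None

def audit(devices: list[Device]) -> dict[str, str]:
    """Map each affected device name to the reason it is flagged."""
    return {d.name: r for d in devices if (r := alert_reason(d))}

# Constructed sample inventory (names, versions and dates are made up).
T0 = datetime(2024, 2, 1)
INVENTORY = [
    Device("fw-old-content", True, True, False, "8790-8450", T0),
    Device("fw-no-reboot", True, True, False, "8795-8489", T0, datetime(2024, 1, 15)),
    Device("fw-rebooted", True, True, False, "8800-8500", T0, datetime(2024, 2, 3)),
    Device("fw-custom-cert", True, True, True, "8790-8450", T0),
    Device("fw-scm-managed", False, True, False, "8790-8450", T0),
]

if __name__ == "__main__":
    for name, reason in audit(INVENTORY).items():
        print(f"CRITICAL {name}: {reason}")
```

Only the first two sample devices are flagged; the custom-certificate and Strata Cloud Manager devices drop out at conditions 2 and 1 regardless of their content version.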
Health alerts actively monitor the health and performance of your platform in real-time. This approach helps in identifying issues, predicting potential problems, and implementing remediation actions to ensure your devices function optimally. Here are some key aspects:
  • Monitoring Metrics: Continuously monitor various metrics from the NGFWs, including CPU utilization, memory usage, disk space, network throughput, and other relevant performance indicators.
  • Anomaly Detection: Generate alerts that dynamically adjust based on the metric's historical value and your usage trends.
  • Predictive Analysis: Predict when certain thresholds will be exceeded or when specific events will occur by analyzing historical data and patterns. This helps forecast potential issues before they escalate.

AIOps for NGFW: Probable Cause Analysis with CDL

March 1, 2024
The probable cause analysis is enhanced to use the Strata Logging Service (CDL) logs and provide additional metadata to identify the probable cause that led to the creation of an alert or incident. This analysis enables pinpointing the policies, applications, source zones, URLs, source IPs, and regions potentially causing the alert, thereby facilitating appropriate remediation actions. For instance, when session exhaustion triggers an Adverse Resource Usage alert, you can utilize the probable cause analysis to identify the primary contributors to the alert and follow the suggested remediation recommendations.
Supported on Strata Cloud Manager with AIOps for NGFW Premium license.
To troubleshoot the issues that cause alerts, AIOps for NGFW leverages advanced AI capabilities to provide probable causes for alerts. By reviewing these probable causes, you can identify the source of the issue and follow the provided recommendations for resolving it. This feature ensures optimal network performance by mitigating disruptions and maximizing the effectiveness of your cybersecurity solution.