: Features Introduced in July 2024
Focus
Focus

Features Introduced in July 2024

Table of Contents

Features Introduced in July 2024

Here's a preview of what’s new in Prisma SD-WAN in July 2024.
Here's a preview of the new features introduced in Prisma SD-WAN in July 2024.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Prisma SD-WAN

FedRAMP Moderate

The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services for government users. Learn about the features are supported for use in a FedRAMPModerate environment, and the requirements to activate a license for FedRAMP Moderate.
Fedramp requirements are security controls and well established standards for cloud solutions intended for Cloud Service Providers managing and processing the government data. Many government agencies mandate the Fedramp authorization. Palo Alto Networks products and services are Fedramp Authorized to increase security, reliability, consistency, monitoring and thereby gaining the trust and confidence of Federal agencies.
To ensure FedRAMP Moderate compliance, Prisma SASE FedRAMP Moderate adds support for additional Prisma SASE apps, add-ons, and certain features.

Prisma SD-WAN Support for FedRAMP Moderate Environment

Prisma SD-WAN is available as a Prisma Access add-on for new and existing customers or as a standalone service.
New Prisma SD-WAN deployments are supported in a FedRAMP Moderate environment. Upgrades from an existing Prisma SD-WAN deployment to a FedRAMP Moderate deployment are not supported.
When you purchase Prisma SD-WAN for a FedRAMP Moderate deployment, Prisma SD-WAN requires SKUs that are specific to the FedRAMP environment. Work with your authorized Palo Alto Networks representative or partner to make sure that you purchase the correct SKUs for your FedRAMP Moderate deployment.
Prisma SD-WAN ION device platforms ION-1200-S-5G, ION 3200, and ION-9200 on device software version 6.1.6 are currently available for FedRAMP Moderate deployments.
Prisma SD-WAN uses FIPS-validated encryption and hardened on-premises ION devices as part of the Prisma SASE FedRAMP service offering.
You need to toggle from the non-FIPS to FIPS mode for the supported ION devices from the Prisma SD-WAN web interface (controller). When you enable FIPS mode, all cryptographic security parameters (CSPs), including the CIC certificate, are cleared and the device is rebooted. After reboot, the device comes up in the FIPS approved mode of operation with a new CIC provisioned by the controller and the FIPS functionality enabled on the device.
Enable the FIPS mode on the Prisma SD-WAN web interface as shown in the image.
Prisma SD-WAN supports the following features in a FedRAMP Moderate environment.
  • IPv6 on WAN interfaces for branch and data center ION devices
  • IPv4 and IPv6 on WAN interface (dual-stack)
  • VPN tunnels (IPv6 underlay & IPv4 overlay)
  • WAN DHCPv6 clients
  • PPPoE interfaces
  • Static Routing
  • DHCP for both IPv4 and IPv6 (on the same device)
  • IPv6 on LAN interfaces for branch devices
  • Address distribution to LAN hosts — Static configured prefix
  • DHCPv6 server
  • DNS as a service
  • IPv6 QoS
  • IPv6 Path Policy support
  • Zone Based Firewall
  • Route maps, Prefix Lists
  • Statistics
  • Prisma Access CloudBlades (Panorama Managed)
Prisma SD-WAN does not currently support the following features in a FedRAMP environment:
  • User-ID based policies
  • Strata Cloud Manager web interface
  • Predictive analytics
  • Native integration with SASE (Easy Onboarding)
  • NOC Dashboard
  • Performance Policy
  • OSPF LAN Routing for DC and Branch
  • Virtual Routing and Forwarding
  • Branch Gateway mode
  • Aggregate Bandwidth Utilization Reports
  • Site Templates
  • WAN Clarity Reports (WCR) and Extended Analytics (DVR)
  • Azure vWAN CloudBlade
  • AWS Transit Gateway CloudBlade
  • Email Notifications for Alarms CloudBlade
  • Third-party Services CloudBlades