Prisma SD-WAN Support for FedRAMP Moderate Environment
Prisma SD-WAN is available as a Prisma Access add-on for new and
existing customers or as a standalone service.
New Prisma SD-WAN deployments are supported in a FedRAMP Moderate environment.
Upgrades from an existing Prisma SD-WAN deployment to a FedRAMP Moderate deployment
are not supported.
When you purchase Prisma SD-WAN for a FedRAMP Moderate deployment, Prisma SD-WAN
requires SKUs that are specific to the FedRAMP environment. Work with your
authorized Palo Alto Networks representative or partner to make sure that you
purchase the correct SKUs for your FedRAMP Moderate deployment.
The Prisma SD-WAN ION device platforms ION-1200-S-5G, ION 3200, and
ION-9200, running device software version 6.1.6, are currently available for
FedRAMP Moderate deployments.
Prisma SD-WAN uses FIPS-validated encryption and hardened on-premises
ION devices as part of the Prisma SASE FedRAMP service offering.
You must switch the supported ION devices from non-FIPS mode to FIPS mode
from the Prisma SD-WAN web interface (controller). When you
enable FIPS mode, all cryptographic security parameters (CSPs), including the CIC
certificate, are cleared and the device reboots. After the reboot, the device comes
up in the FIPS-approved mode of operation, with a new CIC provisioned by the
controller and FIPS functionality enabled on the device.
Enable FIPS mode on the Prisma SD-WAN web interface as shown in
the image.
Prisma SD-WAN supports the following features in a FedRAMP
Moderate environment:
- IPv6 on WAN interfaces for branch and data center ION devices
- IPv4 and IPv6 on WAN interface (dual-stack)
- VPN tunnels (IPv6 underlay & IPv4 overlay)
- WAN DHCPv6 clients
- PPPoE interfaces
- Static Routing
- DHCP for both IPv4 and IPv6 (on the same device)
- IPv6 on LAN interfaces for branch devices
- Address distribution to LAN hosts — Static configured prefix
- DHCPv6 server
- DNS as a service
- IPv6 QoS
- IPv6 Path Policy support
- Zone Based Firewall
- Route maps, Prefix Lists
- Statistics
- Prisma Access CloudBlades (Panorama Managed)
Prisma SD-WAN does not currently support the following features in a
FedRAMP environment:
- User-ID based policies
- Strata Cloud Manager web interface
- Predictive analytics
- Native integration with SASE (Easy Onboarding)
- NOC Dashboard
- Performance Policy
- OSPF LAN Routing for DC and Branch
- Virtual Routing and Forwarding
- Branch Gateway mode
- Aggregate Bandwidth Utilization Reports
- Site Templates
- WAN Clarity Reports (WCR) and Extended Analytics (DVR)
- Azure vWAN CloudBlade
- AWS Transit Gateway CloudBlade
- Email Notifications for Alarms CloudBlade
- Third-party Services CloudBlades