: Device-ID Visibility and Policy Rule Recommendations in PAN-OS
Focus
Focus

Device-ID Visibility and Policy Rule Recommendations in PAN-OS

Table of Contents

Device-ID Visibility and Policy Rule Recommendations in PAN-OS

Learn about improvements in Device-ID visibility and Security rule recommendations that were made in PAN-OS 11.1.
When next-generation firewalls subscribe to IoT Security services, they send the IoT Security instance that’s in the same tenant service group (TSG) Traffic logs for analysis. IoT Security uses AI and machine learning to automatically discover and identify network-connected devices and then construct a data-rich, dynamically updating inventory. From PAN-OS 11.1, administrators can see this inventory directly in the PAN-OS web interface without having to open the IoT Security portal, which is the only place this information appears when IoT Security is integrated with firewalls running earlier PAN-OS releases. For further Device-ID visibility, the PAN-OS 11.1 web interface also shows a summary of the 10 most common device categories, profiles, and operating systems on the network learned from IoT Security.
In addition to identifying devices, IoT Security analyzes network behaviors to determine a baseline of normal, acceptable behaviors. It then generates policy rule recommendations that would allow devices to continue their normal network behaviors while denying behaviors that deviate from the norm. PAN-OS administrators can view these recommendations in the PAN-OS 11.1 web interface, select the ones they want their firewalls to apply, and import them into the Security policy rulebase. When using a PAN-OS release prior to PAN-OS 11.1, it was necessary to create policy rule sets in the IoT Security portal and activate them before they appeared in the PAN-OS interface. To simplify the workflow, these steps have been eliminated in PAN-OS 11.1.
From PAN-OS 11.1, you can see and manage the device inventory and top 10 common device categories, profiles, and operating systems in the PAN-OS interface. You also no longer need to create and activate policy rule sets in IoT Security. As a result, IoT device visibility is more convenient and policy rule creation is simplified.