You asked for networking features, and we listened! Here are the top five networking features that we think have the biggest impact in PAN-OS 7.0.
The firewall now supports Equal Cost Multipath (ECMP). With ECMP enabled, the forwarding table can have up to four equal-cost paths to a single destination, which allows you to load balance traffic, use more of the available bandwidth, and have traffic dynamically shift to another ECMP member if one path fails. You can choose one of several load-balancing algorithms to determine which equal-cost path a virtual router uses for a new session to the destination.
Read more about ECMP in the PAN-OS® New Features Guide Version 7.0.
A firewall configured as a DHCP server can now send a full range of DHCP options to clients, including vendor-specific and customized options that support a wide variety of office equipment, such as IP phones and wireless infrastructure devices. Each option code supports multiple values, which can be IP addresses, ASCII text, or hexadecimal values. With the enhanced DCHP option support enabled on the firewall, branch offices do not need to purchase and manage their own DHCP servers in order to provide vendor-specific and customized options to DHCP clients.
Read more about DHCP Options in the PAN-OS® New Features Guide Version 7.0.
When you configure the firewall to block traffic, the firewall either resets the connection or silently drops packets. When the firewall silently drops packets, it causes some applications to break and appear unresponsive to the user. Therefore, we now have new actions to gracefully block traffic and provide a better user experience.
Read more about Granular Actions for Blocking Traffic in Security Policy in the PAN-OS® New Features Guide Version 7.0.
You can now enable QoS on AE interfaces configured on PA-5000 Series, PA-3000 Series, PA-2000 Series, and PA-500 platforms. An AE interface is two or more interfaces linked together for combined bandwidth and link redundancy. When using AE interfaces to scale your network, enable QoS on an AE interface to prioritize, allocate, and guarantee the increased bandwidth supported on the AE interface. Support for QoS on AE interfaces on PA-7050 firewalls began in PAN-OS 6.0.0.
Read more about Quality of Service in the PAN-OS® Administrator’s Guide Version 7.0.
Site-to-site IPSec VPN is enhanced to support Internet Key Exchange Version 2 (IKEv2), in addition to IKEv1. (GlobalProtect Client is not included in this feature support.) IKEv2:
Read more about IKEv2 in the PAN-OS® New Features Guide Version 7.0.
Check out the PAN-OS® 7.0 Release Notes and PAN-OS® Administrator’s Guide Version 7.0 on the Technical Documentation Site, or select the 7.0 facet (under OS Version) on the Document Search page!
Happy reading!
Your friendly Technical Publications team
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.