PAN-OS 11.2 Quasar Helps Customers Secure Networks Everywhere, Faster

May 02, 2024
4 minutes

The future of secure networking is here with PAN-OS 11.2 Quasar, Quantum-Safe VPN, ADEM for next-generation firewalls, Advanced DNS Security and the introduction of new ruggedized next-generation firewalls.

Today, Palo Alto Networks is pleased to announce PAN-OS 11.2 Quasar, the next step in the evolution of network security. With this latest upgrade to our industry-leading PAN-OS software, Palo Alto Networks continues to deliver on our commitment to ensuring each day is more secure than the last. We are advancing prevention capabilities and making it easier to optimize, manage and operate your network security estate everywhere it needs to be.

Quantum-Safe VPN Extended

Post-quantum cryptography (PQC) is the next generation of cryptographic algorithms that replace classic algorithms, such as Diffie Hellman, RSA and the elliptic curve, vulnerable to quantum computers. With new support for RFC 9242 and RFC 9370, PAN-OS 11.2 Quasar extends the post-quantum safe VPN introduced in PAN-OS 11.1 Cosmos and enables the use of PQC algorithms to create quantum-safe hybrid keys.

For customers, since quantum attacks can use a harvest now, decrypt later (HNDL) technique, migrating to a PQC-based, site-to-site VPN with crypto-agility mitigates the threat of attackers being able to decrypt harvested VPN traffic when a cryptographically relevant quantum computer (CRQC) becomes available in the future. This will enable customers to meet the requirements of the US government's National Security Memorandum (NSM-10) to build standards-based quantum-resistant IT systems.

ADEM Support Provides Application Performance and Rapid Problem Identification

We’re also pleased to announce Autonomous Digital Experience Management (ADEM) support for next-generation firewalls in PAN-OS 11.2 Quasar. This feature supports two use cases to monitor our customer’s network experience:

  • Mobile GlobalProtect users connecting to the NGFW GlobalProtect Gateway.
  • PAN-OS SD-WAN Branches connecting to their PAN-OS SD-WAN Hub.

With ADEM integrated into PAN-OS 11.2, ADEM provides application performance visibility with rapid problem identification capabilities.

Advanced DNS Security Extends Threat Coverage

With the addition of Advanced DNS Security, Palo Alto Networks is enhancing its already industry-leading DNS Security solution.

  • Real-time DNS hijacking detection: With inline DNS response analysis, Advanced DNS Security is the industry’s first solution to stop network-based DNS hijacking attacks in real time.
  • Simple and automated configuration management: Proactively block access to misconfigured domains through automated discovery and monitoring of a customer’s public-facing domains.
  • Improved threat coverage: With an increase of 22% in threat coverage, this capability provides 2X more threat coverage than the next leading security vendor.

These innovations allow customers to secure their DNS traffic end to end, providing a safer and more reliable online experience for their users and ensuring business continuity.

New Ruggedized PA-400R Series Brings Security to Harsh Environments

In addition to our latest innovations in PAN-OS 11.2 Quasar, we are introducing new appliances in the PA-400R Series of ruggedized next-generation firewalls. This series includes three new offerings: the PA-410R, PA-410R-5G and PA450R-5G, which build on our recent introduction of the PA-450R.

These appliances provide best-in-class performance and security for our ruggedized customers needing flexibility, portability and the ability to survive the harshest environments. They include a 5G integrated modem and DIN rail mount features.

Additional Features Within Quasar PAN-OS 11.2

Many more features are included in Quasar PAN-OS 11.2 that users can leverage that were not covered in this blog. The new, wide range of features available includes:

  • Encrypted DNS Support (DOH/DOT) for DNS Proxy & Management
  • Local Deep Learning for Advanced Threat Prevention
  • User-ID & Advanced Threat Prevention (ATP) on CN-Series
  • Virtual System Support (VSYS) on VM-Series

For information on all features available and more technical details, be sure to review our TechDocs.

Support Duration and End-of-Life Policy of PAN-OS for NGFW

Palo Alto Networks has continued to provide advanced security capabilities that protects customers against advanced network attacks. New hardware models have also been released, including those supporting 5G cellular and ruggedized models, for deployments in a variety of scenarios. These updates are typically released on an annual basis to solve continuously changing security needs. Our previous end-of-life policy, similar to the rest of industry, supported a major version (often called innovation or feature release) for two years, and a minor version (commonly called stable version) for three years. This has led to some customers choosing the longer term supported versions, skipping the shorter term versions and often waiting three years before adopting a new version.

Going forward, from PAN-OS 11.2 Quasar onwards, the end-of-life duration for next-generation firewalls for both major and minor PAN-OS versions will be 36 months from the last day of the month of release. This means that 12.1, 12.2 and newer releases will all have 3 years of support. This change will allow customers to upgrade to any  version of PAN-OS rather than skip a version with a shorter-term support period. This change applies to PAN-OS EoL policy and does not change the hardware EoL policy.

Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.