Security That Keeps Pace With Business

Your network is a mix of system components and data sources that impact your firewall policies. Historically, you had to manually enter and update firewall policies, following change control best practices that often led to business initiative delays.

To help eliminate the policy update time gaps that can slow the business, native management features, such as the XML API, Dynamic Address Groups and VM-Monitoring, allow you to integrate our virtualized and physical form factor next-generation firewalls with external solutions and data sources.

Dynamic Policy Updates

Automation features provide significant value in environments where rapid change is common. VM-Monitoring collects workload attributes (i.e., OS, location, application, user-defined) from the workload resource management tool and stores them as tags in PAN-OS®, which uses them to create Dynamic Address Groups. 

The security policy uses the Dynamic Address Group as a core element, updating it in real-time as workloads change or when a security incident occurs, which, in turn, drives a security policy update. The result is faster and more accurate security policy updates in response to changes in the environment.

Third-Party Solution Integration

As IT assets are deployed or retired, the asset (e.g., PC, workstation, laptop) IP address is harvested and pulled into the next-generation firewall as part of the policy update, using our XML API. The result is the elimination of potential security holes that may emerge when employees have unsecured access to the network.

The next-generation firewall can trigger automatic actions on any 3rd party system that accepts an HTTP request or exposes a REST API, and send relevant information about the triggering event. For example, you can create an HTTP request to a ticketing system, a custom-built notification tool, or an access-granting device on the network based on a security event.