What's New
in PAN-OS 8.1

A wealth of innovations to secure clouds, networks and organizations.

Keeping you a step ahead

Introducing PAN-OS® 8.1, the latest release of the software that powers our next-generation firewalls. The new features and innovations of PAN-OS 8.1 will help you accelerate your adoption of next-generation security and protect your organization from a wide range of threats.


Simplified application security

App-ID™ technology identifies the applications traversing your network so you can safely enable desired applications and block unwanted ones. With PAN-OS 8.1, it’s easier to move to and maintain an application-based security policy. New features include:

Application filter to allow new App-IDs – Temporarily allow new apps, so you can be sure newly released apps will not accidentally block traffic you intended to allow. That gives you time to perform a review of your policy and make updates.

Better tools to assess the effect of App-IDs – Get insight into newly categorized application activity and the effect of the new App-IDs on your traffic.

Rule usage tracker to eliminate security risks – Remove unused security rules by understanding when a rule was last hit, which eliminates holes that create security risks.



Controlling risk in SaaS applications

SaaS applications host sensitive data, and IT needs to ensure that data is stored in secure and compliant SaaS services. With the new SaaS application characteristics in App-ID, you can reduce risk based on hosting characteristics of SaaS applications. You can view detailed risk profile and usage statistics for the applications on your network; quickly identify and explore risky applications to determine which you should allow in your environment; and prevent future violations by enabling granular policy control.



Streamlined SSL decryption

Decryption Broker provides smarter, simpler decryption

The next-generation firewall Decryption Broker, an innovation introduced with PAN-OS 8.1, overcomes the challenges of supporting devices that complement next-generation firewalls. Now you can decrypt once and share decrypted traffic with other devices easily. All complementary devices are inline, enabling enforcement on each device and maximizing security. The Decryption Broker is a natural extension to decryption on the next-generation firewall, simplifying the management and troubleshooting of the solution.



Performance boost with new hardware systems

At the internet edge

The new PA-3200 Series appliances deliver up to 5x performance increase, up to 7x decryption performance increase, up to 20x decryption session capacity increase compared to existing hardware for the internet edge, and 1G/10G/40G interfaces for flexible connectivity options.


In harsh environments

The new PA-220R ruggedized next-generation firewall brings you the same PAN-OS features that protect your largest data centers; offers an extended temperature range; and is certified to IEEE 1613 and IEC 61850-3 standards for vibration, temperature and immunity to electromagnetic interference. It provides interactive visibility and control of industrial protocols and applications, such as Modbus, DNP3, IEC 60870-5-104, Siemens S7, OSIsoft PI® and more.



For high-performance data centers and mobile networks

The PA-5280, the latest addition to the PA-5200 Series appliances, prevents threats and safely enables applications in mobile network environments and large enterprise data centers. The PA-5280 offers security at throughput speeds of up to 68 Gbps and session capacity of up to 64 million.




Improved management efficiency and performance

Panorama™ management 8.1 includes new features that provide even greater efficiency for teams managing physical and virtual appliances running PAN-OS. Using variables in templates, you can now leverage common configurations across many devices while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more.

With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls. Trending of critical system resources up to 90 days helps you identify gradual changes in your environment. Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know. And new M-600 and M-200 appliances deliver high-performance management.



Panorama deployment flexibility

PAN-OS 8.1 enables you to deploy Panorama on public clouds. Its distributed architecture allows you to scale Panorama using the concept of modes, namely Panorama, Management Only or Log Collector. The choice of on-premise, private and public cloud environments provides maximum deployment flexibility. You can also use Panorama in conjunction with Palo Alto Networks® Cortex Data Lake.



Advanced threat detection and prevention

Advancing detection

PAN-OS 8.1 enhances the detection of evasive zero-day malware in the WildFire® threat analysis service. New capabilities include the dynamic unpacking module, which defeats packing techniques used by attackers to evade detection.

Prevention everywhere

PAN-OS 8.1 extends the visibility of WildFire into zero-day malware targeting Linux servers and IoT devices. Additionally, WildFire can now detect and prevent malware from moving freely inside the network with SMB protocol support. And it can find malware hiding in less common file archive formats, including RAR and 7-Zip.

Rich data for analytics

Enhanced application logs evolve next-generation firewalls into advanced network sensors for analytics, including Cortex apps. Cortex XDR uses this data to allow customers to identify advanced attacks, insider threats and malware, with precision.

Security enhancements for public cloud platforms

PAN-OS 8.1 expands the inline security capabilities of VM-Series virtual next-generation firewalls for public cloud workloads.

With advanced automation capabilities

Our auto-scaling capabilities are now easier, more efficient and more scalable for AWS environments. We’ve enabled a new use case with the Transit VPC architecture, which automates the inclusion of security within AWS workloads, and much more.

More about AWS

Integrated with Azure Security Center

Previous integrations with Azure have now been extended into Azure Security Center and Application Insights, both of which make it easier to implement automated processes, monitor resources and drive additional scalability.

More about Azure

Supported on Google Cloud Platform

VM-Series threat and data loss prevention is now available for GCP workloads, including support for Google Marketplace, automated deployments, policy updates and more.

More about Google

Get your knowledge on