What’s New in PAN-OS 6.0
© 2014 Palo Alto Networks (PAN-OS 6.0) Page 1
With the release of PAN-OS 6.0, we continue to strengthen our leadership through innovation with more than 60 new
features to prevent advanced threats, secure virtualized environments, and protect mobile devices. Here is a summary of the
new features in PAN-OS and Panorama 6.0.
WildFire Features
Additional File Type Support—As part of the WildFire subscription, the following advanced file types are now
supported: Microsoft Office .doc, .xls, and .ppt; Portable Document Format (PDF); Java Applet (jar and class); and
Android Application Package (APK). NOTE: The WF-500 does not support APK file analysis.
Expanded Sandbox Operating Systems—Microsoft Windows 7 32-bit has been added to the WildFire environment.
When a file is analyzed by WildFire, it will be run in both Windows XP and Windows 7. On a WF-500 WildFire appliance,
you will need to select an image that will contain Windows XP or Windows 7 as well as a combination of other
applications, such as different versions of Adobe Reader and MS Office.
WildFire Report Incorrect Verdict Option—Enables you to resubmit the sample to the Palo Alto Networks threat team
if you feel the verdict is a false positive or false negative. The threat team will perform further analysis on the sample to
determine if it should be reclassified. If a file that was previously identified as malicious is determined to be benign (false
positive), the signature for the file will be disabled in an upcoming antivirus signature update. Similarly, if a file that was
previously identified as benign is determined to be malicious (false negative), a new signature will be generated and
distributed in the next content update. After the investigation is complete, you will receive an email (if provided on the
submission form) notifying you of the outcome.
WildFire Analysis Report—The WildFire analysis report is now integrated with the logging features of the firewall and
no longer requires a WildFire subscription. In addition, several new enhancements have been made to the report,
including the ability to:
o Export the full report to a PDF.
o Download the file sample that was analyzed.
o View all processes or filter by an individual process.
o View the analysis results for each virtual machine environment in which the file was analyzed.
o Re-submit the file sample to Palo Alto Networks for reevaluation if you think the file verdict
(benign/malware) is incorrect.
WildFire Logs on the Firewall—When a firewall is configured with a file blocking profile and security policy to forward
files to WildFire for analysis, a WildFire subscription is no longer required to receive WildFire logs on the firewall.
WildFire Reporting—The firewall now shows session details together with the WildFire detailed report, which
was previously hosted on the WildFire cloud or WildFire appliance. In addition,
Panorama no longer requires that all managed firewalls forward files to the same WildFire system as long as Panorama
and the managed firewalls are running 6.0 or later.
WildFire Submissions Log Forwarding—You can now configure the firewall to automatically forward WildFire
Submissions logs independently of the threat log forwarding configuration.
Content Inspection Features
DNS Sinkholing—DNS Sinkholing enables the firewall to forge a response to a DNS query for a known malicious
domain, causing the malicious domain name to resolve to an IP address that you define. This feature can be used to
identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected
client’s DNS query (for example, when the firewall is north of the local DNS server). This feature can also be used to
redirect malicious traffic to a honeypot or any other target host.
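The following is an added example, not part of the original document or of PAN-OS: it shows how sinkholing exposes infected clients by listing the hosts whose sessions are destined to the sinkhole address. It assumes a simplified, constructed CSV export of session records (not the PAN-OS log format) and a hypothetical sinkhole address of 192.0.2.53.

```python
import csv
import io
import ipaddress

# Assumption: the address configured as the sinkhole target (documentation range).
SINKHOLE_IP = "192.0.2.53"

# Constructed sample records in a simplified CSV layout (not the PAN-OS log format).
SAMPLE_LOG = """\
time,src,dst,dport
2014-01-15T09:00:01,10.0.0.53,198.51.100.7,53
2014-01-15T09:00:02,10.0.4.21,192.0.2.53,80
2014-01-15T09:00:05,10.0.4.21,192.0.2.53,443
2014-01-15T09:01:10,10.0.7.9,192.0.2.53,80
2014-01-15T09:01:30,10.0.7.9,203.0.113.10,443
2014-01-15T09:02:30,not-an-ip,192.0.2.53,80
2014-01-15T09:02:45,10.0.8.8
2014-01-15T09:03:00,10.0.4.21,192.0.2.53,80
"""


def find_sinkholed_hosts(log_text, sinkhole=SINKHOLE_IP):
    """Summarize, per source address, the sessions destined to the sinkhole."""
    target = ipaddress.ip_address(sinkhole)
    hosts = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            port = int(row["dport"])
        except (AttributeError, KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated records
        if dst != target:
            continue  # ordinary traffic, not a sinkholed resolution
        entry = hosts.setdefault(str(src), {"count": 0, "ports": set(),
                                            "first": row["time"], "last": row["time"]})
        entry["count"] += 1
        entry["ports"].add(port)
        # ISO 8601 timestamps sort correctly as plain strings.
        entry["first"] = min(entry["first"], row["time"])
        entry["last"] = max(entry["last"], row["time"])
    for entry in hosts.values():
        entry["ports"] = sorted(entry["ports"])
    return hosts


if __name__ == "__main__":
    for host, info in sorted(find_sinkholed_hosts(SAMPLE_LOG).items()):
        print(host, info)
```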
Passive DNS—This is an opt-in feature that enables the firewall to act as a passive DNS sensor and send select DNS
information to Palo Alto Networks for analysis in order to improve threat intelligence and threat prevention capabilities.
The data collected includes non-recursive (i.e. originating from the local recursive resolver, not individual clients) DNS
query and response packet payloads. This information is used by the Palo Alto Networks threat research team to gain
insight into malware propagation and evasion techniques that abuse the DNS system as well as to improve accuracy
and malware detection abilities within PAN-DB URL filtering, DNS-based command-and-control signatures, and
WildFire. Passive DNS monitoring is a configurable feature that is disabled by default.