Palo Alto Networks® Compatibility Matrix

Total Page:16

File Type:pdf, Size:1020Kb

Palo Alto Networks® Compatibility Matrix Palo Alto Networks® Compatibility Matrix paloaltonetworks.com/documentation Contact Information Corporate Headquarters: Palo Alto Networks 3000 Tannery Way Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-support About the Documentation • For the most recent version of this guide or for access to related documentation, visit the Technical Documentation portal www.paloaltonetworks.com/documentation. • To search for a specific topic, go to our search page www.paloaltonetworks.com/documentation/ document-search.html. • Have feedback or questions for us? Leave a comment on any page in the portal, or write to us at [email protected]. Copyright Palo Alto Networks, Inc. www.paloaltonetworks.com © 2016-2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/ trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. Last Revised March 3, 2020 2 PALO ALTO NETWORKS® COMPATIBILITY MATRIX | Table of Contents Supported OS Releases by Model.................................................................. 7 Palo Alto Networks Next-Gen Firewalls............................................................................................... 9 Palo Alto Networks Appliances.............................................................................................................11 HA Port and Processor Support........................................................................................................... 12 VM-Series Firewalls..........................................................................................15 VM-Series Firewall Hypervisor Support..............................................................................................17 Partner Interoperability for VM-Series Firewalls.............................................................................. 25 Ciena................................................................................................................................................25 Cisco Cloud Services Platform..................................................................................................25 Cisco Enterprise Computer System (ENCS)...........................................................................26 Citrix SD-WAN............................................................................................................................. 27 Juniper NFX Network Services Platform............................................................................... 28 NSX SD-WAN by VeloCloud.................................................................................................... 28 Nuage Networks...........................................................................................................................29 Nutanix............................................................................................................................................29 Versa Networks............................................................................................................................ 30 Vyatta.............................................................................................................................................. 30 VM-Series Plugin.......................................................................................................................................31 AWS and AWS Gov Cloud Regions.....................................................................................................33 Azure Regions............................................................................................................................................ 35 Google Cloud Regions............................................................................................................................. 36 Alibaba Cloud Regions.............................................................................................................................37 VM-Series Firewall Amazon Machine Images (AMI) List................................................................ 38 Images for PAN-OS 9.0..............................................................................................................38 Images for PAN-OS 8.1..............................................................................................................39 Images for PAN-OS 8.0..............................................................................................................40 Images for PAN-OS 7.1.11........................................................................................................ 43 PAN-OS Images for AWS GovCloud.......................................................................................44 Panorama............................................................................................................ 45 Panorama Plugins......................................................................................................................................47 VMware NSX.................................................................................................................................47 Cloud Services...............................................................................................................................48 Interconnect...................................................................................................................................48 Public Cloud-AWS, Azure, GCP................................................................................................49 Cisco ACI........................................................................................................................................ 50 VMware vCenter.......................................................................................................................... 51 Cisco TrustSec...............................................................................................................................51 Nutanix............................................................................................................................................51 SD-WAN.........................................................................................................................................52 Panorama Hypervisor Support.............................................................................................................. 53 MFA Vendor Support...................................................................................... 55 MFA Vendor Support.............................................................................................................................. 57 TABLE OF CONTENTS iii Supported Cipher Suites................................................................................. 59 Cipher Suites Supported in PAN-OS 9.1............................................................................................ 61 PAN-OS 9.1 GlobalProtect Cipher Suites..............................................................................61 PAN-OS 9.1 IPSec Cipher Suites............................................................................................. 62 PAN-OS 9.1 IKE and Web Certificate Cipher Suites.......................................................... 63 PAN-OS 9.1 Decryption Cipher Suites...................................................................................64 PAN-OS 9.1 Administrative Session Cipher Suites..............................................................66 PAN-OS 9.1 HA1 SSH Cipher Suites......................................................................................67 PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites........................................68 PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode...................................................68 Cipher Suites Supported in PAN-OS 9.0............................................................................................ 72 PAN-OS 9.0 GlobalProtect Cipher Suites..............................................................................72 PAN-OS 9.0 IPSec Cipher Suites............................................................................................. 73 PAN-OS 9.0 IKE and Web Certificate Cipher Suites.......................................................... 74 PAN-OS 9.0 Decryption Cipher Suites...................................................................................75 PAN-OS 9.0 Administrative Session Cipher Suites..............................................................77 PAN-OS 9.0 HA1 SSH Cipher Suites......................................................................................78 PAN-OS 9.0 PAN-OS-to-Panorama Connection Cipher Suites........................................79 PAN-OS 9.0 Cipher Suites Supported in FIPS-CC Mode...................................................79 Cipher Suites Supported in PAN-OS 8.1............................................................................................ 83 PAN-OS 8.1 GlobalProtect Cipher Suites..............................................................................83 PAN-OS 8.1 IPSec Cipher Suites............................................................................................. 84 PAN-OS 8.1 IKE and Web Certificate Cipher Suites.......................................................... 85 PAN-OS 8.1 Decryption Cipher Suites...................................................................................86
Recommended publications
  • Parameters of Palo.Exe
    Parameters of Palo.exe The Palo parameters have a short and a long form. On the command line, the short form has one dash (-) in front; the long form has two dashes (- -) in front. Examples: palo -? / palo – -help. Palo.exe gets these parameters as command line arguments and/or via the palo.ini file. Please see Order of command execution at the end of this document. In the file …\Jedox Suite\olap\data\palo.ini.sample you can find descriptions and examples of how to use parameters in the palo.ini. Short Long form Argument(s) Description / Example(s) Default value form ? help Displays the parameters of palo.exe. False Only for the command line. On/off switch. a admin <address> <port> Http interface with server browser and online documentation. An address can be a server name, an internet address or “” for all server internet addresses. Port is a number: admin 192.168.1.2 7777 admin localhost 7770 admin “” 7778 A auto-load Loads all databases on server start into memory True which are defined in the palo.csv. On/off switch. b cache-barrier <max number Sets the max number of cells to store in each cube 100000000 of cells to store cache. in each cube cache> cache-barrier 150000000 cache-barrier 0 (sets cache-barrier to 0). B auto-commit Commits all changes on server shutdown. True On/off switch. Copyright © Jedox AG c crypt Turns on encrypting of the database files. Newly False saved files are encrypted if this is set using the Blowfish algorithm. On/off switch.
    [Show full text]
  • Vm-Series on Amazon Web Services
    VM-SERIES ON AMAZON WEB SERVICES Many organizations are moving their application development and production workloads to Amazon Web Services (AWS) with a goal of minimizing their physical data center presence over time. The VM-Series on AWS enables you to protect applications and data on AWS with next-generation firewall and threat prevention features. Security Challenges in the Public Cloud VM-Series on AWS Use Cases Organizations worldwide are expanding their use of AWS® at an Hybrid Cloud unprecedented pace. However, security, workflow automation, and how to build scalable, resilient cloud-centric architectures • Securely extend your application development and are key challenges that must be addressed. The VM-Series on testing environment onto AWS across a site-to-site AWS solves these challenges, enabling you to: IPsec VPN or AWS Direct Connect. • Protect your AWS workloads through unmatched applica- Segmentation Gateway tion visibility, control and advanced threat prevention. • Maintain separation of confidential data from other • Simplify management and automate security policy updates traffic for security and compliance purposes by as your AWS workloads change. controlling applications across VPCs and subnets while blocking threats. • Build secure, cloud-centric architectures that are scalable and highly available. Internet Gateway The VM-Series allows new cloud customers to protect their • Protect web-facing applications from advanced workloads with next-generation security features that deliver threats while securely enabling direct access to web- superior visibility, control and threat prevention at the appli- based developer tools and resources. cation level when compared to other cloud- oriented security solutions. Existing customers will reap the benefits of a security GlobalProtect feature set that mirrors those protecting their physical networks • Extend perimeter firewall and threat prevention and delivers a consistent security posture from the network to policies to remote users and mobile devices with the cloud.
    [Show full text]
  • The Role of Multidimensional Databases in Modern Organizations
    Vol.IV (LXVII) 95 - 102 Economic Insights – Trends and Challenges No. 2/2015 The Role of Multidimensional Databases in Modern Organizations Ana Tănăsescu Faculty of Economic Sciences, Petroleum-Gas University of Ploieşti, Bd. Bucureşti 39, 100680, Ploieşti, Romania e-mail: [email protected] Abstract The relational databases represent an ineffective data storage method when organizations manipulate a large amount of heterogeneous data and must realize complex analyses on these data. Thus, a new concept is required, the multidimensional database concept. In this paper the multidimensional database concept will be presented, its characteristics will be described, a comparative analysis between multidimensional databases and relational databases will be realized and a multidimensional database will be presented. This database was designed using Palo for Excel tool and can be used in order to analyse the academic staff research activity from a faculty. Keywords: multidimensional databases; multidimensional modelling; relational databases JEL Classification: C63; C81 Introduction The large amount of heterogeneous data accumulated by organizations represents one of the reasons why organizations need a technology that allows them to quickly achieve complex analyses on these data. Because the relational databases are ineffective from this point of view, a new concept is required, the multidimensional database concept. Annually, a large volume of information regarding the teaching and research activity of the academic staff from faculty departments is accumulated. The departments’ managers as well as the teaching process and research activity responsible persons must, periodically, elaborate reports, synthesizing the information accumulated in different time periods. A multidimensional database where this information will be stored is required to be designed in order to streamline their activity.
    [Show full text]
  • VM-Series on AWS • Complements Native AWS Security with Application Enablement Policies That Prevent Threats and Data Loss
    VM-Series on AWS • Complements native AWS security with application enablement policies that prevent threats and data loss. VM-Series on AWS • Allows you to transparently Palo Alto Networks VM-Series Virtual Next-Generation embed security in the application ® development process through Firewalls protect your Amazon Web Services (AWS ) automation and centralized workloads with next-generation security features that management. allow you to confidently and quickly migrate your business- • Enables security to scale dynamically critical applications to the cloud. AWS CloudFormation yet independently of your workloads through integration with AWS Auto Templates and third-party automation tools allow you to Scaling and Elastic Load Balancing. embed the VM-Series in your application development • Cost-effectively protects lifecycle to prevent data loss and business disruption. deployments with many VPCs through a transit VPC architecture. Strata by Palo Alto Networks | VM-Series on AWS | Datasheet 1 As AWS becomes the dominant deployment platform for your User-Based Policies Improve Security Posture business-critical applications, protecting the increased public Integration with on-premises user repositories, such as cloud footprint from threats, data loss, and business disruption Microsoft Exchange, Active Directory®, and LDAP, lets remains challenging. The VM-Series on AWS solves these you grant access to critical applications and data based on challenges, enabling you to: user credentials and needs. For example, your developer • Protect your AWS workloads through unmatched application group can have full access to the developer VPC while only visibility and precise control. IT administrators have RDP/SSH access to the production • Prevent threats from moving laterally between workloads VPC.
    [Show full text]
  • The Cedar Programming Environment: a Midterm Report and Examination
    The Cedar Programming Environment: A Midterm Report and Examination Warren Teitelman The Cedar Programming Environment: A Midterm Report and Examination Warren Teitelman t CSL-83-11 June 1984 [P83-00012] © Copyright 1984 Xerox Corporation. All rights reserved. CR Categories and Subject Descriptors: D.2_6 [Software Engineering]: Programming environments. Additional Keywords and Phrases: integrated programming environment, experimental programming, display oriented user interface, strongly typed programming language environment, personal computing. t The author's present address is: Sun Microsystems, Inc., 2550 Garcia Avenue, Mountain View, Ca. 94043. The work described here was performed while employed by Xerox Corporation. XEROX Xerox Corporation Palo Alto Research Center 3333 Coyote Hill Road Palo Alto, California 94304 1 Abstract: This collection of papers comprises a report on Cedar, a state-of-the-art programming system. Cedar combines in a single integrated environment: high-quality graphics, a sophisticated editor and document preparation facility, and a variety of tools for the programmer to use in the construction and debugging of his programs. The Cedar Programming Language is a strongly-typed, compiler-oriented language of the Pascal family. What is especially interesting about the Ce~ar project is that it is one of the few examples where an interactive, experimental programming environment has been built for this kind of language. In the past, such environments have been confined to dynamically typed languages like Lisp and Smalltalk. The first paper, "The Roots of Cedar," describes the conditions in 1978 in the Xerox Palo Alto Research Center's Computer Science Laboratory that led us to embark on the Cedar project and helped to define its objectives and goals.
    [Show full text]
  • Open Source As an Alternative to Commercial Software
    OPEN-SOURCE AS AN ALTERNATIVE TO COMMERCIAL SOFTWARE Final Report 583 Prepared by: Sean Coleman 2401 E Rio Salado Pkwy. #1179 Tempe, Arizona 85281 March 2009 Prepared for: Arizona Department of Transportation 206 South 17th Avenue Phoenix, Arizona 85007 in cooperation with U.S. Department of Transportation Federal Highway Administration The contents of this report reflect the views of the authors who are responsible for the facts and the accuracy of the data presented herein. The contents do not necessarily reflect the official views or policies of the Arizona Department of Transportation or the Federal Highway Administration. This report does not constitute a standard, specification, or regulation. Trade or manufacturers’ names which may appear herein are cited only because they are considered essential to the objectives of the report. The U.S. Government and the State of Arizona do not endorse products or manufacturers. TECHNICAL REPORT DOCUMENTATION PAGE 1. Report No. 2. Government Accession No. 3. Recipient’s Catalog No. FHWA-AZ-09-583 4. Title and Subtitle 5. Report Date: March, 2009 Open-Source as an Alternative to Commercial Software 6. Performing Organization Code 7. Authors: 8. Performing Organization Sean Coleman Report No. 9. Performing Organization Name and Address 10. Work Unit No. Sean Coleman 11. Contract or Grant No. 2401 E Rio Salado Pkwy, #1179 SPR-583 Tempe, AZ 85281 12. Sponsoring Agency Name and Address 13. Type of Report & Period Arizona Department of Transportation Covered 206 S. 17th Ave. Phoenix, AZ 85007 14. Sponsoring Agency Code Project Managers: Frank DiBugnara, John Semmens, and Steve Rost 15. Supplementary Notes 16.
    [Show full text]
  • Area 1 Security & Palo Alto Networks Solution Brief
    AREA 1 SECURITY & PALO ALTO NETWORKS SOLUTION BRIEF Preemptive, comprehensive protection from phishing attacks Fortify Network Phishing attacks, the cause of 95 percent of cybersecurity-related Defenses and Stop data breaches and financial loss, continue to evade security defenses. Phishing Attacks Detecting and protecting from these attacks is complicated by the fact that the attacks are often multi-vector, meaning that they impact email, Close the Phishing Security Gap. web, and network traffic. Further complicating defense, these attacks are dynamic, hackers often launch and shut down phishing sites and Area 1 Security plus payloads in a matter of hours to evade detection. Palo Alto Networks: • Deploy and integrate in minutes • Protects across all PHISHING ATTACK VECTORS attack vectors - network, web Attacks often start by tricking a victim into unknowingly downloading malware that is and email traffic hidden in an email file attachment or on a web page. Once the victim’s device is infected, a hacker can gain access to their network and systems. From there, the attacker can • Stops web-based establish communication with external phishing sites to exfiltrate data and download phishing such as credential harvest more malware, further infecting systems to achieve their malicious objectives. To protect and dropper attacks from attacks, organizations need phishing security solutions that can detect and block threats across all attack vectors, including email, web, and network. • Thwarts network phishing activity including attacker lateral movement, command and control traffic and data exfiltration PHISHING SITES AND CAMPAIGNS ARE DYNAMIC • Automated When executing phishing campaigns, hackers often first compromise trusted websites Mindmeld updates and email servers, or establish imposter websites and email accounts—weeks or even facilitate security months in advance of a planned attack.
    [Show full text]
  • Taxonomies of Visual Programming and Program Visualization
    Taxonomies of Visual Programming and Program Visualization Brad A. Myers September 20, 1989 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213-3890 [email protected] (412) 268-5150 The research described in this paper was partially funded by the National Science and Engineering Research Council (NSERC) of Canada while I was at the Computer Systems Research Institute, Univer- sity of Toronto, and partially by the Defense Advanced Research Projects Agency (DOD), ARPA Order No. 4976 under contract F33615-87-C-1499 and monitored by the Avionics Laboratory, Air Force Wright Aeronautical Laboratories, Aeronautical Systems Division (AFSC), Wright-Patterson AFB, OH 45433-6543. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the of®cial policies, either expressed or implied, of the Defense Advanced Research Projects Agency of the US Government. This paper is an updated version of [4] and [5]. Part of the work for this article was performed while the author was at the University of Toronto in Toronto, Ontario, Canada. Taxonomies of Visual Programming and Program Visualization Brad A. Myers ABSTRACT There has been a great interest recently in systems that use graphics to aid in the programming, debugging, and understanding of computer systems. The terms ``Visual Programming'' and ``Program Visualization'' have been applied to these systems. This paper attempts to provide more meaning to these terms by giving precise de®nitions, and then surveys a number of sys- tems that can be classi®ed as providing Visual Programming or Program Visualization. These systems are organized by classifying them into three different taxonomies.
    [Show full text]
  • Best Practices: Protecting Vulnerable Systems
    BEST PRACTICES NETWORK – PROTECTING SYSTEMS AND APPLICATIONS FROM VULNERABILITIES Preventing known threats Vulnerabilities exist in nearly every piece of software, and they plague not only users of systems and applications who need to secure themselves against attackers but also the de- velopment teams who create and maintain secure products for their customers. Even when continuous code scanning and penetration testing is done, and vulnerabilities are found and fixed, introducing new code may create additional vulnerabilities that developers were not expecting. On top of all that, security researchers – or worse, attackers themselves – are constantly finding new zero-day vulnerabilities within previously trusted applications. Application vulnerabilities represent one of the most common and significant threat vectors. Applications (as well as underlying systems software, such as databases and operating systems) are extremely complex, often containing millions or tens of millions of lines of code written by teams of developers. The growing number of connections between applications and other components in a network-based environment increases their complexity and, therefore, their vulnerability. As a result, vulnerabilities are inadvertently created that may be difficult to detect during code design, review and testing. Application vulnerabilities provide attackers with an opportunity to insert malicious code into a system or escalate unauthorized user privileges that give them access to data or functions they should not have. Thus, these attacks are known as vulnerability exploits. Examples of server-based systems that are vulnerable to exploits include operating systems, web and email servers, programming platforms (such as .NET or Java), databases, and applications, such as Microsoft® Office, SharePoint® or Adobe® Flash®.
    [Show full text]
  • Navigating the Digital Age: the Definitive Cybersecurity Guide For
    THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS NAVIGATING THE DIGITAL AGE: The Defi nitive Cybersecurity Guide for Directors and Offi cers Published by Navigating the Digital Age: The Defi nitive Cybersecurity Guide for Directors and Offi cers Publisher: Tim Dempsey Editor: Matt Rosenquist Design and Composition: Graphic World, Inc. Printing and Binding: Transcontinental Printing Navigating the Digital Age: The Defi nitive Cybersecurity Guide for Directors and Offi cers is published by: Caxton Business & Legal, Inc. 27 North Wacker Drive, Suite 601 Chicago, IL 60606 Phone: +1 312 361 0821 Email: [email protected] First published: 2015 ISBN: 978-0-9964982-0-3 Navigating the Digital Age: The Defi nitive Cybersecurity Guide for Directors and Offi cers © October 2015 Cover illustration by Tim Heraldo Copyright in individual chapters rests with the authors. No photocopying: copyright licenses do not apply. DISCLAIMER Navigating the Digital Age: The Defi nitive Cybersecurity Guide for Directors and Offi cers (the Guide) contains summary information about legal and regulatory aspects of cybersecurity governance and is current as of the date of its initial publication (October 2015). Although the Guide may be revised and updated at some time in the future, the publishers and authors do not have a duty to update the information contained in the Guide, and will not be liable for any failure to update such information. The publishers and authors make no representation as to the completeness or accuracy of any information contained in the Guide. This guide is written as a general guide only. It should not be relied upon as a substitute for specifi c professional advice.
    [Show full text]
  • Debian GNU/Linux
    Debian GNU/Linux Debian GNU/Linux Copyright © 2004, 2005 Debian Debian GNU/Linux 3.1 (“sarge”) ø PA-RISC (“hppa”). , Debian. þ , Debian (“boot-floppies”). þ , hppa ø ø . þ , boot-floppies. , , debian-installer (http://www.debian.org/devel/debian-installer/). . ; / GNU. : .E. Debian GNU/Linux 3.1 hppa..............................................................................viii 1. Debian................................................................................................... 1 1.1. Debian? ............................................................................................................. 1 1.2. GNU/Linux? ..................................................................................................... 2 1.3. Debian GNU/Linux?......................................................................................... 3 1.4. Debian ............................................................................................................. 4 1.5. ........................................................... 4 1.6. ........................................................................................... 4 1.7. ..................................................... 5 2. ........................................................................................................... 7 2.1. ..................................................................................... 7 2.1.1.
    [Show full text]
  • How to Create a Modern Ransomware Security Strategy
    HOW TO CREATE A MODERN RANSOMWARE SECURITY STRATEGY Government and education leaders should focus on the three pillars of technology, people and policy to guard against sophisticated hackers. 1 2 CONTENTS 04 INTRODUCTION 06 A CLEAR AND PRESENT DANGER NEW TOOLS TO FIGHT RANSOMWARE: 08 TECHNOLOGY • Ensure endpoint protection • Leverage next-generation firewalls • Incorporate artificial intelligence and machine learning • Keep up to date on software patching • Manage inventory • Leverage third-party threat intelligence services 12 PEOPLE • Update end-user training • Involve stakeholders in training design • Address risky behavior • Consider attack simulations • Focus on behavior change, not punishment • Help security and IT teams stay sharp • Keep security front and center 16 POLICY • Start with data governance • Realize the importance of backup and recovery • Rethink identity and access • Validate your security plans • Compare yourself to others • Consider consolidation 18 SECURING THE FUTURE 3 INTRODUCTION After sharp spikes in Grunzweig, senior malware governments and education ransomware attacks in recent researcher with Unit 42. institutions, which are years, the total number seeing more focused and of incidents is trending A drop in the sheer number sophisticated ransomware downward in 2018. But that’s of attacks is encouraging for attacks this year. not necessarily good news government leaders who because these attacks also are have updated their security For example, Unit 42 has been becoming more targeted and strategies to better protect tracking a spike in SamSam, potentially more dangerous. networks and reduce the need a ransomware family that’s for employees to make split- been around for years but Unit 42, the research arm second decisions about which now has become a go-to for of Palo Alto Networks, emails or web links are risky.
    [Show full text]