Focus

Next-Generation Firewall

Set Commands Introduced in PAN-OS 11.2

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Show Commands Introduced in PAN-OS 12.1

Set Commands Changed in PAN-OS 11.2

Set Commands Introduced in PAN-OS 11.2

Command line interface 'set' commands that are new in PAN-OS 112.

Where Can I Use This?	What Do I Need?
NGFW (Managed by PAN-OS or Panorama)	No prerequisites needed

The following commands are new in the 11.2 release:

set deviceconfig system mtu <576-1500>
set deviceconfig system dns-setting servers encrypted-dns
set deviceconfig system dns-setting servers encrypted-dns connection-type
set deviceconfig system dns-setting servers encrypted-dns connection-type dns-over-https
set deviceconfig system dns-setting servers encrypted-dns connection-type dns-over-tls
set deviceconfig system dns-setting servers encrypted-dns enable-fallback <yes|no>
set deviceconfig system dns-setting servers encrypted-dns tcp-timeout <1-10>
set deviceconfig system panorama cloud-service tcp-port <default|443>
set deviceconfig system panorama cloud-service compress-config <yes|no>
set deviceconfig system inline-cloud-proxy <yes|no>
set deviceconfig system dns-security-server <value>
set deviceconfig system route service
set deviceconfig system route service <name>
set deviceconfig system route service <name> source
set deviceconfig system route service <name> source interface <value>
set deviceconfig system route service <name> source address <value>
set deviceconfig system route service <name> source-v6
set deviceconfig system route service <name> source-v6 interface <value>
set deviceconfig system route service <name> source-v6 address <value>
set deviceconfig setting mlav
set deviceconfig setting mlav cloud-server <value>
set deviceconfig setting dns
set deviceconfig setting dns dns-cloud-server <value>
set deviceconfig setting adns-setting
set deviceconfig setting adns-setting max-latency <1-15000>
set deviceconfig setting ssl-decrypt use-mp-sess-cache <yes|no>
set deviceconfig setting session packet-buffer-protection-use-buffer <yes|no>
set deviceconfig setting session persistent-dipp-alert-enable <yes|no>
set deviceconfig setting session persistent-dipp-alert-threshold <1-99>
set deviceconfig setting session persistent-dipp-alert-interval <1-120>
set deviceconfig setting session offload <yes|no>
set deviceconfig setting iot edge enable-saas-edge-service <yes|no>
set deviceconfig setting iot edge saas-edge-address <ip/netmask>|<value>
set deviceconfig setting additional-header-logging
set deviceconfig setting additional-header-logging enable <yes|no>
set deviceconfig setting additional-header-logging disable-apps  [ <disable-apps1> <disable-apps2>... ]
set deviceconfig setting additional-header-logging enable-apps  [ <enable-apps1> <enable-apps2>... ]
set deviceconfig setting cloud-userid segment-assignment <cloud-identity-engine|panorama>
set deviceconfig setting session-tracking
set deviceconfig setting session-tracking disable <yes|no>
set deviceconfig setting session-tracking user-re-authentication
set deviceconfig setting session-tracking user-re-authentication disable <yes|no>
set deviceconfig high-availability interface ha1 port <value>|<ha1-a|ha1-b|management>
set deviceconfig high-availability interface ha1 link-speed <auto|10|100|1000>
set deviceconfig high-availability interface ha1 link-duplex <auto|full|half>
set deviceconfig high-availability interface ha1-backup port <value>|<ha1-a|ha1-b|management>
set deviceconfig high-availability interface ha1-backup link-speed <auto|10|100|1000>
set deviceconfig high-availability interface ha1-backup link-duplex <auto|full|half>
set deviceconfig high-availability interface ha2 port <value>|<hsci>
set deviceconfig high-availability interface ha2-backup port <value>|<hsci>
set deviceconfig high-availability interface ha3 port <value>|<hsci>
set network profiles zone-protection-profile <name> block-ip-protocol
set network profiles zone-protection-profile <name> block-ip-protocol protocol
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name>
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name> ip-proto-num <1-255>
set network profiles zone-protection-profile <name> block-ip-protocol protocol <name> enable <yes|no>
set network profiles bfd-profile <name> min-tx-interval <100-10000>
set network profiles bfd-profile <name> min-rx-interval <100-10000>
set network interface ethernet <name> link-speed <value>
set network interface ethernet <name> link-duplex <value>
set network interface ethernet <name> virtual-wire lldp high-availability
set network interface ethernet <name> virtual-wire lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> virtual-wire lacp
set network interface ethernet <name> virtual-wire lacp high-availability
set network interface ethernet <name> virtual-wire lacp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> layer2 lldp high-availability
set network interface ethernet <name> layer2 lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> layer3 df-ignore <yes|no>
set network interface ethernet <name> layer3 bonjour
set network interface ethernet <name> layer3 bonjour enable <yes|no>
set network interface ethernet <name> layer3 proxy-protocol port
set network interface ethernet <name> layer3 proxy-protocol port start <1-65535>
set network interface ethernet <name> layer3 proxy-protocol port end <1-65535>
set network interface ethernet <name> layer3 units <name> df-ignore <yes|no>
set network interface ethernet <name> layer3 units <name> bonjour
set network interface ethernet <name> layer3 units <name> bonjour enable <yes|no>
set network interface ethernet <name> layer3 lldp high-availability
set network interface ethernet <name> layer3 lldp high-availability passive-pre-negotiation <yes|no>
set network interface ethernet <name> lacp
set network interface ethernet <name> lacp port-priority <1-65535>
set network interface aggregate-ethernet <name> ha lacp
set network interface aggregate-ethernet <name> ha lacp enable <yes|no>
set network interface aggregate-ethernet <name> ha lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> ha lacp mode <passive|active>
set network interface aggregate-ethernet <name> ha lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> ha lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> ha lacp max-ports <1-8>
set network interface aggregate-ethernet <name> virtual-wire lldp high-availability
set network interface aggregate-ethernet <name> virtual-wire lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp
set network interface aggregate-ethernet <name> layer2 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp mode <passive|active>
set network interface aggregate-ethernet <name> layer2 lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> layer2 lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> layer2 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer2 lacp high-availability
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac enable <yes|no>
set network interface aggregate-ethernet <name> layer2 lacp high-availability use-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer2 lacp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer2 lldp high-availability
set network interface aggregate-ethernet <name> layer2 lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 df-ignore <yes|no>
set network interface aggregate-ethernet <name> layer3 bonjour
set network interface aggregate-ethernet <name> layer3 bonjour enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp
set network interface aggregate-ethernet <name> layer3 lacp enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp fast-failover <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp mode <passive|active>
set network interface aggregate-ethernet <name> layer3 lacp transmission-rate <fast|slow>
set network interface aggregate-ethernet <name> layer3 lacp system-priority <1-65535>
set network interface aggregate-ethernet <name> layer3 lacp max-ports <1-8>
set network interface aggregate-ethernet <name> layer3 lacp high-availability
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac enable <yes|no>
set network interface aggregate-ethernet <name> layer3 lacp high-availability use-same-system-mac mac-address <value>
set network interface aggregate-ethernet <name> layer3 lacp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 lldp high-availability
set network interface aggregate-ethernet <name> layer3 lldp high-availability passive-pre-negotiation <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> df-ignore <yes|no>
set network interface aggregate-ethernet <name> layer3 units <name> bonjour
set network interface aggregate-ethernet <name> layer3 units <name> bonjour enable <yes|no>
set network interface vlan df-ignore <yes|no>
set network interface vlan units <name> df-ignore <yes|no>
set network interface tunnel df-ignore <yes|no>
set network interface tunnel units <name> df-ignore <yes|no>
set network ike gateway <name> protocol ikev2 pq-ppk
set network ike gateway <name> protocol ikev2 pq-ppk enabled <yes|no>
set network ike gateway <name> protocol ikev2 pq-ppk negotiation-mode <preferred|mandatory>
set network ike gateway <name> protocol ikev2 pq-ppk keys
set network ike gateway <name> protocol ikev2 pq-ppk keys <name>
set network ike gateway <name> protocol ikev2 pq-ppk keys <name> key <value>
set network ike gateway <name> protocol ikev2 pq-ppk keys <name> enabled <yes|no>
set network ike gateway <name> protocol ikev2 pq-kem
set network ike gateway <name> protocol ikev2 pq-kem enable <yes|no>
set network ike gateway <name> protocol ikev2 pq-kem negotiation-mode <preferred|mandatory>
set network ike gateway <name> protocol ikev2 pq-kem block-vulnerable-cipher <yes|no>
set network ike gateway <name> protocol ikev2 ikev2-fragment
set network ike gateway <name> protocol ikev2 ikev2-fragment enable <yes|no>
set network ike gateway <name> protocol ikev2 ikev2-fragment size <200-2048>
set network ike crypto-profiles ike-crypto-profiles <name> ake
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-1  [ <ake-11> <ake-12>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-2  [ <ake-21> <ake-22>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-3  [ <ake-31> <ake-32>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-4  [ <ake-41> <ake-42>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-5  [ <ake-51> <ake-52>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-6  [ <ake-61> <ake-62>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake ake-7  [ <ake-71> <ake-72>... ]
set network ike crypto-profiles ike-crypto-profiles <name> ake enabled <yes|no>
set network ike crypto-profiles ipsec-crypto-profiles <name> dh-group <no-pfs|group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-1 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-2 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-3 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-4 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-5 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-6 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network ike crypto-profiles ipsec-crypto-profiles <name> ake ake-7 <group1|group2|group5|group14|group15|group16|group19|group20|group21|kyber-512|kyber-768|kyber-1024|bike-L1|bike-L3|bike-L5|frodokem-640-aes|frodokem-640-shake|frodokem-976-aes|frodokem-976-shake|frodokem-1344-aes|frodokem-1344-shake|hqc-128|hqc-192|hqc-256|classic-mceliece-348864|classic-mceliece-460896|classic-mceliece-6688128|classic-mceliece-6960119|classic-mceliece-8192128|classic-mceliece-348864f|classic-mceliece-460896f|classic-mceliece-6688128f|classic-mceliece-6960119f|classic-mceliece-8192128f|ntruprime-sntrup761>
set network tunnel gre <name> peer-address
set network tunnel gre <name> peer-address fqdn
set network tunnel gre <name> peer-address fqdn fqdn-name <value>
set network tunnel ipsec <name> proxy-id-strict-matching <yes|no>
set network qos interface <name> regular-traffic groups <name> members <name> match local-address destination_interface <value>
set network virtual-router <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE|CELLULAR>
set network logical-router <name> vrf <name> routing-table ip static-route <name> path-monitor monitor-destinations <name> source <value>|<DHCP|PPPOE|CELLULAR>
set network routing-profile filters prefix-list <name> type ipv4 ipv4-entry <name> prefix entry network <ip/netmask>|<value>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static bgp route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static ospf route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static ospfv3 route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static rip route-map <name> match tag <1-4294967295>
set network routing-profile filters route-maps redistribution redist-entry <name> connected-static rib route-map <name> match tag <1-4294967295>
set network routing-profile bfd <name> min-tx-interval <100-10000>
set network routing-profile bfd <name> min-rx-interval <100-10000>
set network dns-proxy <name> encrypted-dns
set network dns-proxy <name> encrypted-dns enabled <yes|no>
set network dns-proxy <name> encrypted-dns server-side-config
set network dns-proxy <name> encrypted-dns server-side-config connection-type
set network dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-https
set network dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-tls
set network dns-proxy <name> encrypted-dns server-side-config connection-type origin
set network dns-proxy <name> encrypted-dns server-side-config connection-type cleartext
set network dns-proxy <name> encrypted-dns server-side-config enable-fallback <yes|no>
set network dns-proxy <name> encrypted-dns server-side-config tcp-timeout <1-10>
set network dns-proxy <name> encrypted-dns client-side-config
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-https <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-tls <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config allowed-dns-types cleartext <yes|no>
set network dns-proxy <name> encrypted-dns client-side-config ssl-tls-service-profile <value>
set shared reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|cluster_name|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time>
set shared reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|threatid|category|severity|direction|http_method|nssai_sst|filedigest|filetype|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|cloud_reportid|cluster_name|flow_type|http2_connection_64|local_deep_learning|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type>
set shared reports <name> type url group-by <additional_headers|action|app|category|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_agent|device_name|vsys_name|url|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|http_method|url_category_list|xff_ip|container_id|pod_namespace|pod_name|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|cloud_reportid|additional_headers>
set shared reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl>
set shared reports <name> type data group-by <action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac>
set shared reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type>
set shared reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|flow_type|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag>
set shared reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|http2_connection_64|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag>
set shared reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|cluster_name|flow_type|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app>
set shared override application <name> timeout <0-35712000>
set shared log-settings correlation
set shared log-settings correlation match-list
set shared log-settings correlation match-list <name>
set shared log-settings correlation match-list <name> description <value>
set shared log-settings correlation match-list <name> filter <value>
set shared log-settings correlation match-list <name> send-snmptrap  [ <send-snmptrap1> <send-snmptrap2>... ]
set shared log-settings correlation match-list <name> send-email  [ <send-email1> <send-email2>... ]
set shared log-settings correlation match-list <name> send-syslog  [ <send-syslog1> <send-syslog2>... ]
set shared log-settings correlation match-list <name> send-http  [ <send-http1> <send-http2>... ]
set shared log-settings correlation match-list <name> quarantine <yes|no>
set shared log-settings correlation match-list <name> actions
set shared log-settings correlation match-list <name> actions <name>
set shared log-settings correlation match-list <name> actions <name> type
set shared log-settings correlation match-list <name> actions <name> type tagging
set shared log-settings correlation match-list <name> actions <name> type tagging target <source-address|destination-address|xff-address|user>
set shared log-settings correlation match-list <name> actions <name> type tagging action <add-tag|remove-tag>
set shared log-settings correlation match-list <name> actions <name> type tagging registration
set shared log-settings correlation match-list <name> actions <name> type tagging registration localhost
set shared log-settings correlation match-list <name> actions <name> type tagging registration panorama
set shared log-settings correlation match-list <name> actions <name> type tagging registration remote
set shared log-settings correlation match-list <name> actions <name> type tagging registration remote http-profile <value>
set shared log-settings correlation match-list <name> actions <name> type tagging timeout <0-43200>
set shared log-settings correlation match-list <name> actions <name> type tagging tags  [ <tags1> <tags2>... ]
set shared log-settings email <name> format correlation <value>
set shared log-settings syslog <name> format correlation <value>
set shared log-settings http <name> format correlation
set shared log-settings http <name> format correlation name <value>
set shared log-settings http <name> format correlation url-format <value>
set shared log-settings http <name> format correlation headers
set shared log-settings http <name> format correlation headers <name>
set shared log-settings http <name> format correlation headers <name> value <value>
set shared log-settings http <name> format correlation params
set shared log-settings http <name> format correlation params <name>
set shared log-settings http <name> format correlation params <name> value <value>
set shared log-settings http <name> format correlation payload <value>
set shared log-settings profiles <name> match-list <name> log-type <traffic|threat|wildfire|url|data|tunnel|auth|decryption>
set shared response-page remote-browser-isolation
set shared response-page remote-browser-isolation url-isolate-page <value>
set shared response-page remote-browser-isolation http-post-redirect <value>
set shared response-page url-reply
set shared response-page url-reply url-reply-page <value>
set shared response-page url-reply url-reply-code <100-999>
set shared admin-role <name> role device webui objects user-context-segment <enable|read-only|disable>
set shared admin-role <name> role device webui network global-protect dhcp-profile <enable|read-only|disable>
set shared admin-role <name> role device webui device log-settings correlation <enable|read-only|disable>
set import resource max-security-rules <0-5000>
set dns-proxy <name> encrypted-dns
set dns-proxy <name> encrypted-dns enabled <yes|no>
set dns-proxy <name> encrypted-dns server-side-config
set dns-proxy <name> encrypted-dns server-side-config connection-type
set dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-https
set dns-proxy <name> encrypted-dns server-side-config connection-type dns-over-tls
set dns-proxy <name> encrypted-dns server-side-config connection-type origin
set dns-proxy <name> encrypted-dns server-side-config connection-type cleartext
set dns-proxy <name> encrypted-dns server-side-config enable-fallback <yes|no>
set dns-proxy <name> encrypted-dns server-side-config tcp-timeout <1-10>
set dns-proxy <name> encrypted-dns client-side-config
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-https <yes|no>
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types dns-over-tls <yes|no>
set dns-proxy <name> encrypted-dns client-side-config allowed-dns-types cleartext <yes|no>
set dns-proxy <name> encrypted-dns client-side-config ssl-tls-service-profile <value>
set captive-portal redirect-host-v6 <ip/netmask>|<value>
set zone <name> network log-setting <value>
set zone <name> network
set zone <name> network tap  [ <tap1> <tap2>... ]
set zone <name> network virtual-wire  [ <virtual-wire1> <virtual-wire2>... ]
set zone <name> network layer2  [ <layer21> <layer22>... ]
set zone <name> network layer3  [ <layer31> <layer32>... ]
set zone <name> network tunnel
set zone <name> user-acl
set zone <name> user-acl include-list  [ <include-list1> <include-list2>... ]
set zone <name> user-acl exclude-list  [ <exclude-list1> <exclude-list2>... ]
set zone <name> device-acl
set zone <name> device-acl include-list  [ <include-list1> <include-list2>... ]
set zone <name> device-acl exclude-list  [ <exclude-list1> <exclude-list2>... ]
set zone <name>
set zone <name> enable-user-identification <yes|no>
set zone <name> enable-device-identification <yes|no>
set zone <name> network zone-protection-profile <value>
set zone <name> network enable-packet-buffer-protection <yes|no>
set zone <name> network net-inspection <yes|no>
set zone <name> network prenat-identification
set zone <name> network prenat-identification enable-prenat-user-identification <yes|no>
set zone <name> network prenat-identification enable-prenat-device-identification <yes|no>
set zone <name> network prenat-identification enable-prenat-source-policy-lookup <yes|no>
set zone <name> network prenat-identification enable-prenat-source-ip-downstream <yes|no>
set sdwan-interface-profile <name> link-type <ADSL/DSL|Cablemodem|Ethernet|Fiber|LTE/3G/4G/5G|MPLS|Microwave/Radio|Satellite|WiFi|Private1|Private2|Private3|Private4|Other>
set global-protect global-protect-gateway <name> gp-gw-dhcp enable-dhcp <yes|no>
set global-protect global-protect-gateway <name> gp-gw-dhcp dhcp-timeout <1-30>
set global-protect global-protect-gateway <name> gp-gw-dhcp retry-times <0-3>
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server <name>
set global-protect global-protect-gateway <name> gp-gw-dhcp gp-dhcp-server <name> type <secondary|primary>
set profiles spyware <name> botnet-domains advanced-dns-security-categories
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name>
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name> action <default|allow|alert|block|sinkhole>
set profiles spyware <name> botnet-domains advanced-dns-security-categories <name> log-level <default|none|low|informational|medium|high|critical>
set profiles spyware <name> botnet-domains misconfig-zone
set profiles spyware <name> botnet-domains misconfig-zone <name>
set profiles spyware <name> botnet-domains misconfig-zone <name> description <value>
set profiles spyware <name> mica-engine-spyware-enabled <name> local-deep-learning <enable|disable>
set profiles url-filtering <name> isolate  [ <isolate1> <isolate2>... ]
set profiles url-filtering <name> block-reply  [ <block-reply1> <block-reply2>... ]
set profiles wildfire-analysis <name> mica-engine-wildfire-rules <name> action <allow|alert|block>
set profiles dos-protection <name> flood tcp-syn red block-probability <0-100>
set profiles dos-protection <name> flood udp red block-probability <0-100>
set profiles dos-protection <name> flood icmp red block-probability <0-100>
set profiles dos-protection <name> flood icmpv6 red block-probability <0-100>
set profiles dos-protection <name> flood other-ip red block-probability <0-100>
set profiles saas-user-list
set profiles saas-user-list <name>
set profiles saas-user-list <name> description <value>
set profiles saas-user-list <name> list  [ <list1> <list2>... ]
set profiles saas-tenant-list
set profiles saas-tenant-list <name>
set profiles saas-tenant-list <name> description <value>
set profiles saas-tenant-list <name> list  [ <list1> <list2>... ]
set reports <name> type decryption group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|tls_version|tls_keyxchg|tls_enc|tls_auth|ec_curve|err_index|root_status|proxy_type|policy_name|cn|issuer_cn|root_cn|sni|error|cluster_name|src_dag|dst_dag|src_edl|dst_edl|container_id|pod_namespace|pod_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time>
set reports <name> type threat group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|threatid|category|severity|direction|http_method|nssai_sst|filedigest|filetype|http2_connection|xff_ip|threat_name|src_edl|dst_edl|dynusergroup_name|hostid|partial_hash|cloud_reportid|cluster_name|flow_type|http2_connection_64|local_deep_learning|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|misc|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|flag-nat|flag-pcap|subtype|transaction|captive-portal|flag-proxy|non-std-dport|tunnelid|monitortag|users|category-of-threatid|threat-type>
set reports <name> type url group-by <additional_headers|action|app|category|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|http_headers|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|contenttype|user_agent|device_name|vsys_name|url|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|http_method|url_category_list|xff_ip|container_id|pod_namespace|pod_name|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|cloud_reportid|additional_headers>
set reports <name> type wildfire group-by <app|category|category-of-app|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|sport|src|srcuser|subcategory-of-app|technology-of-app|container-of-app|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|filetype|filename|filedigest|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl>
set reports <name> type data group-by <action|app|category-of-app|direction|dport|dst|dstuser|from|inbound_if|misc|natdport|natdst|natsport|natsrc|outbound_if|proto|risk-of-app|rule|rule_uuid|severity|sport|src|srcuser|subcategory-of-app|subtype|technology-of-app|container-of-app|threatid|to|dstloc|srcloc|vsys|quarter-hour-of-receive_time|hour-of-receive_time|day-of-receive_time|vsys_name|device_name|data-type|filename|tunnelid|monitortag|parent_session_id|parent_start_time|http2_connection|tunnel|xff_ip|src_dag|dst_dag|src_edl|dst_edl|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac>
set reports <name> type thsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|rule|threatid|srcuser|dstuser|srcloc|dstloc|xff_ip|vsys|from|to|dev_serial|dport|action|severity|inbound_if|outbound_if|category|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|tunnel|direction|assoc_id|ppid|http2_connection|rule_uuid|threat_name|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|subtype|tunnelid|monitortag|category-of-threatid|threat-type>
set reports <name> type traffic group-by <serial|time_generated|src|dst|natsrc|natdst|rule|srcuser|dstuser|srcloc|dstloc|app|vsys|from|to|inbound_if|outbound_if|sport|dport|natsport|natdport|proto|action|tunnel|rule_uuid|s_encrypted|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|vsys_name|device_name|parent_session_id|parent_start_time|parent_session_id_64|category|session_end_reason|action_source|nssai_sst|nssai_sd|http2_connection|xff_ip|dynusergroup_name|src_edl|dst_edl|hostid|session_owner|policy_id|offloaded|flow_type|cluster_name|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|pbf-s2c|pbf-c2s|decrypt-mirror|threat-type|flag-nat|flag-pcap|captive-portal|flag-proxy|non-std-dport|transaction|sym-return|sessionid|flag-decrypt-fwd|tunnelid|monitortag>
set reports <name> type urlsum group-by <serial|time_generated|vsys_name|device_name|app|category|src|dst|rule|srcuser|dstuser|srcloc|dstloc|vsys|from|to|dev_serial|inbound_if|outbound_if|dport|action|tunnel|url_domain|user_agent|http_method|http2_connection|http2_connection_64|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|rule_uuid|xff_ip|src_edl|dst_edl|hostid|dynusergroup_name|nssai_sst|cluster_name|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|url_category_list|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag>
set reports <name> type trsum group-by <serial|time_generated|vsys_name|device_name|app|src|dst|xff_ip|rule|srcuser|dstuser|srcloc|dstloc|category|vsys|from|to|dev_serial|dport|action|tunnel|inbound_if|outbound_if|category-of-app|subcategory-of-app|technology-of-app|container-of-app|risk-of-app|parent_session_id|parent_start_time|parent_session_id_64|assoc_id|http2_connection|rule_uuid|src_edl|dst_edl|dynusergroup_name|s_decrypted|s_encrypted|hostid|nssai_sst|cluster_name|flow_type|http2_connection_64|src_category|src_profile|src_model|src_vendor|src_osfamily|src_osversion|src_host|src_mac|dst_category|dst_profile|dst_model|dst_vendor|dst_osfamily|dst_osversion|dst_host|dst_mac|container_id|pod_namespace|pod_name|src_dag|dst_dag|day-of-receive_time|hour-of-receive_time|quarter-hour-of-receive_time|tunnelid|monitortag|standard-ports-of-app>
set rulebase security rules <name> saas-user-list  [ <saas-user-list1> <saas-user-list2>... ]
set rulebase security rules <name> saas-tenant-list  [ <saas-tenant-list1> <saas-tenant-list2>... ]
set rulebase nat rules <name> source-translation dynamic-ip interface-address
set rulebase nat rules <name> source-translation dynamic-ip interface-address interface <value>
set rulebase nat rules <name> source-translation dynamic-ip interface-address ipv6 <value>
set rulebase nat rules <name> source-translation dynamic-ip interface-address floating-ip <value>

There are 21 new set user-context-segment commands



set user-context-segment
set user-context-segment assignments
set user-context-segment assignments <name>
set user-context-segment assignments <name> description <value>
set user-context-segment assignments <name> disabled <yes|no>
set user-context-segment assignments <name> publisher-segments
set user-context-segment assignments <name> publisher-segments ipuser <#text>
set user-context-segment assignments <name> publisher-segments iptag <#text>
set user-context-segment assignments <name> publisher-segments usertag <#text>
set user-context-segment assignments <name> publisher-segments quarantine <#text>
set user-context-segment assignments <name> publisher-segments ipportuser <#text>
set user-context-segment assignments <name> subscriber-segments
set user-context-segment assignments <name> subscriber-segments <name>
set user-context-segment assignments <name> subscriber-segments <name> ipuser <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> iptag <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> usertag <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> quarantine <enabled|disabled>
set user-context-segment assignments <name> subscriber-segments <name> ipportuser <enabled|disabled>
set user-context-segment assignments <name> firewall-selection
set user-context-segment assignments <name> firewall-selection <name>
set user-context-segment assignments <name> firewall-selection <name> vsys  [ <vsys1> <vsys2>... ]

Show Commands Introduced in PAN-OS 12.1

Set Commands Changed in PAN-OS 11.2

Next-Generation Firewall Docs

Set Commands Introduced in PAN-OS 11.2

Next-Generation Firewall Docs

Set Commands Introduced in PAN-OS 11.2

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner