Management Features
Focus
Focus

Management Features

Table of Contents
End-of-Life (EoL)

Management Features

Learn about the new management features introduced in PAN-OS® 10.0.
New Management FeatureDescription
Web Interface Refresh
The PAN-OS® web interface has a new look and feel to provide an even better user experience. You can see the new branding, colors, and icons in Panorama™ and firewalls running a PAN-OS 10.0 release.
Telemetry
Telemetry data collection is expanded to cover device health and performance, product usage categories, and threat prevention. This data is used to power applications that increase your ability to manage and configure your Palo Alto Networks products and services and to provide improved visibility into device health, performance, capacity planning, and configuration. Palo Alto Networks uses this data to improve threat prevention and to help you maximize your product usage benefits.
External Dynamic List Log Fields
The firewall now features new external dynamic list (EDL) log fields to help you quickly identify when an entry in an EDL matches traffic and to which EDL that entry belongs.
Millisecond Granularity for PAN-OS® Logs
If you collect logs from multiple sources, you need detailed log timestamps for SOC troubleshooting, correlation, and visibility to investigate network security events and threats. Now all PAN-OS logs forwarded to an external destination, such as a syslog server or the Cortex™ Data Lake, support millisecond granularity timestamps.
Visibility on Custom Threat Names
Panorama now writes custom threat object names directly into the PAN-OS logs on the firewall for enhanced monitoring and visibility into your threat data. As a result, the Panorama management server can now report on custom Spyware and Vulnerability threats by name even when a firewall belongs to multiple device groups.
PAN-OS and Panorama REST API Enhancements
The REST API now includes endpoints that enable you to manage network configurations on the firewall and on Panorama. Secondly, you can now configure administrative role types to provide granular access to REST API endpoints. You can enable, disable, or assign read-only access to each endpoint. Thirdly, access domain enforcement, which enables administrators to manage access to specific domains on Panorama and on firewalls, now extends to the REST API.
Proxy Support for Cortex Data Lake
You can now configure the firewall to forward logs to Cortex Data Lake through a proxy server. This enables you to send log data to Cortex Data Lake from a network without a default gateway.
Rule Usage Filtering Actions
Delete, disable, or tag policy rules directly from the Policy Optimizer after filtering unused rules to simplify your policy rulebase management. For example, if you have a rule lifecycle process to identify obsolete rules, you can use the Policy Optimizer to filter, identify and tag the unused rules for offline review. After the review, you can return to view the list of tagged policy rules to delete any obsolete or unused rules.
Additional Predefined Time Filters for the ACC, Monitoring, and Reports
You can now filter the ACC, Monitoring, and Reports for up to 60 or 90 days. This enables improved performance when querying between 30 and 90 days by optimizing the Panorama query for only relevant logs.
Enhanced Dataplane Processor Utilization Monitoring
You can now monitor individual dataplane (DP) processor utilization on firewalls with multiple dataplanes (PA-7000 and PA-5200 Series) using the Simple Network Management Protocol (SNMP) HOST-RESOURCES-MIB. Use the SNMP Manager to set alerts when utilization reaches a specific threshold for each DP processor to avoid service availability issues.
Enhancements for Managing Update Server Connection
You now have improved visibility and troubleshooting for connections to the update server during firewall or Panorama management server registration, content updates, license renewals, and software upgrades. Enhancements include:
  • System logs contain more specific reasons for communication issues such as command error, file I/O error, network failure, SSL verification failure, authentication failure, protocol error, and server error.
  • You can configure up to three reconnection attempts if there is a connection failure. The default behavior (to not attempt to reconnect) is still the same.
  • The content update package includes a SHA256 checksum of the package from the update server. You can validate this against checksum of the downloaded file to ensure the integrity of the downloaded content package.
New Regional Support for Telemetry
(Supported in 10.0.2 and later)
For critical visibility into your deployment through telemetry-powered application and compliance with regional data privacy regulations, you can now send telemetry data to a storage destination in Canada, Japan, or Singapore.
This feature requires Applications and Threats content version 8335 or later.