Management Features

What new management features are in PAN-OS 10.1?
New Management Feature
Description
Audit Tracking for Administrator Activity
PAN-OS 10.1 allows you to track administrator activity in the web interface and command line interface (CLI), showing where administrators navigated and which operational and debug commands they performed, so that you can maintain an audit history for compliance purposes. An audit log is generated and forwarded to your syslog server each time an administrator activity occurs, enabling near real-time reporting of activity.
Device Certificate for Strata Logging Service
To reduce the number of certificates you need to install and manage to connect to Palo Alto Networks cloud services, you can now authenticate to Strata Logging Service using a device certificate. This enables you to authenticate to Strata Logging Service using the same certificate that you would use to connect to Cortex XDR, IoT Security, and Enterprise Data Loss Prevention.
Devices using a device certificate follow a new process to onboard to Strata Logging Service. Make sure to follow the onboarding process appropriate for your PAN-OS version and deployment style.
Packet Diagnostics Resource Protection
The Packet-Diag command improves and promotes best practices while debugging the firewall. The improvements give you more granular control, automatically safeguard against accidental resource depletion that can impact firewall performance, and reduce the amount of time it takes to analyze complex issues.
Packet-Diag logging is now automatically disabled:
  • After a timeout setting (default 60 seconds).
  • After a CPU buffer or threshold is reached.
Packet-Diag filters are also now automatically enabled.
OpenConfig Support
PAN-OS expands its automation capabilities to now support an interface based on the OpenConfig standard data models to simplify deploying firewalls in OpenConfig managed networks. The OpenConfig gNMI/gNOI service is provided through a plugin you can use to manage, configure, generate streaming telemetry, and carry out operational services on the firewall.
Persistent Uncommitted Changes on PAN-OS
All in-process configuration changes are preserved locally in the event your PAN-OS device or a PAN-OS management process restarts before the changes can be successfully committed. This ensures that your uncommitted configuration changes are not lost due to accidental reboots or process restarts, and reduces the operational burden of recreating your configuration changes when an unforeseen restart occurs.
View Preferred and Base Releases of PAN-OS Software
PAN-OS 10.1.4 and later 10.1 releases
The Panorama web interface now displays the preferred releases and the corresponding base releases of PAN-OS software. Before you upgrade or downgrade Panorama or PAN-OS, you can view the list of preferred and base releases and choose your preferred target PAN-OS release. Preferred releases offer the latest and the most advanced features and ensure stability and performance. When there are no preferred releases available, the corresponding base version is not displayed. If necessary, you can choose to view either preferred releases or base releases.