Palo Alto Networks has increased the recommended Panorama virtual appliance memory requirement to a minimum of 64GB, up from 32GB. This impacts Panorama virtual appliances in Panorama and Log Collector mode to avoid any logging, management, and operational performance issues related to an under-provisioned Panorama virtual appliance.

For new Panorama virtual appliance deployments, Palo Alto Networks recommends deploying the virtual machine with a minimum of 64GB. For existing Panroama virtual appliance deployments, See Increase the CPUs and Memory of the Panorama Virtual Appliance to increase the memory for an existing Panorama virtual appliance after successful upgrade to PAN-OS 11.0.

The maximum characters supported for a custom syslog format (DeviceServer ProfilesSyslog and PanoramaServer ProfilesSyslog) is increased to 4,096 characters.

Rather than automatically restarting the Panorama management server, a critical system log (MonitorLogsSystem) is now generated to alert that a Panorama reboot (PanoramaSetupOperations) is required when the configd process responsible for configuration management and Panorama operations encounters memory issues

To test the SCP server connection when you schedule a configuration export (PanoramaSchedule Config Export) or log export (DeviceScheduled Log Export), a new pop-up window is displayed requiring you to enter the SCP server clear textPassword and Confirm Password to test the SCP server connection and enable the secure transfer of data.

You must also enter the clear text SCP server Password and Confirm Password when you test the SCP server connection from the firewall or Panorama CLI.

For multi-vsys firewalls managed by a Panorama managed server, configuration objects in the Shared device group are now pushed to a Panorama Shared configuration context for all virtual systems rather than duplicating the shared configuration to each virtual system to reduce the operational burden of scaling configurations for multi-vsys firewalls.

As a result, you must delete or rename any locally configured firewall Shared object that has an identical name to an object in the Panorama Shared configuration. Otherwise, configuration pushes from Panorama fail after the upgrade and display the error <object-name> is already in use.

The following configurations cannot be added to the Shared Panorama location and are replicated to the Panorama location of each vsys of a multi-vsys firewall.