Changes to Default Behavior in PAN-OS 11.2

What default behavior changes impact PAN-OS 11.2?
The following table details the changes in default behavior upon upgrade to PAN-OS® 11.2. You may also want to review the Upgrade/Downgrade Considerations before upgrading to this release.
Feature: Preventing DoS Attacks with Enhanced DoS and PBP configurations
Change:
In PAN-OS 11.2.2 and previous versions, the default value of the hardware-acl-blocking duration is one second.
In PAN-OS 11.2.3 and later 11.2 versions, the default value of the hardware-acl-blocking duration has been increased to 30 seconds.

Feature: IKE protocol version support (PAN-OS 11.2 and later releases)
Change:
We have changed the default IKE protocol version support from IKEv1 to IKEv2.
  • If you have not configured the IKE protocol version in the IKE gateway configuration, then PAN-OS supports the IKEv2 protocol version by default.
  • For VPN clusters, PAN-OS supports IKEv2 only mode by default, and support for the IKEv1 only mode and IKEv2 preferred mode configurations is removed.
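
A pre-upgrade check for the IKE default change described above, as an added example that is not Palo Alto Networks code: it lists IKE gateways in an exported configuration that set no protocol version and therefore follow the release default. The XML layout (`network/ike/gateway/entry/protocol/version`), the assumption that an unset version is simply absent from the export, and the sample gateway names are assumptions; compare them against your own export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported configuration. The element layout is an
# assumption for this example, not taken from the release notes.
SAMPLE_CONFIG = """\
<config>
  <devices><entry name="localhost.localdomain">
    <network><ike><gateway>
      <entry name="gw-branch-a">
        <protocol><version>ikev1</version></protocol>
      </entry>
      <entry name="gw-branch-b">
        <protocol><ikev1><dpd><enable>yes</enable></dpd></ikev1></protocol>
      </entry>
      <entry name="gw-dc">
        <protocol><version>ikev2-preferred</version></protocol>
      </entry>
      <entry name="gw-legacy"/>
    </gateway></ike></network>
  </entry></devices>
</config>
"""

def audit_ike_gateways(config_xml):
    """Map each IKE gateway name to its explicit protocol version, or None."""
    root = ET.fromstring(config_xml)
    report = {}
    for gw in root.iterfind(".//network/ike/gateway/entry"):
        # A missing or empty <version> means the gateway relies on the default.
        version = (gw.findtext("protocol/version") or "").strip() or None
        report[gw.get("name")] = version
    return report

def implicit_gateways(config_xml):
    """Gateways with no configured version: these follow the release default."""
    report = audit_ike_gateways(config_xml)
    return sorted(name for name, version in report.items() if version is None)

if __name__ == "__main__":
    for name, version in audit_ike_gateways(SAMPLE_CONFIG).items():
        state = version or "not configured (default is IKEv2 in PAN-OS 11.2)"
        print(f"{name}: {state}")
```

Gateways reported as not configured are the ones to review with the remote peer's administrator before upgrading, since a peer that only speaks IKEv1 needs the version set explicitly.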