You can now send logs from your Panorama-managed Cloud NGFW for Azure resource to Azure Log Analytics Workspace, Syslog Servers, and Panorama. See Multiple Log Destinations on Cloud NGFW for Azure more information.

Cloud NGFW for Azure is now available in the following Azure regions:

France Central
South Central US

This release enables the Cloud NGFW for Azure to automatically scale up to 100Gbps for both vNET and vWAN deployments. See Deploy the Cloud NGFW in a vNET and Deploy the Cloud NGFW in a vWAN for more information.

Cloud NGFW for Azure is now available in the following Azure regions:

North Central United States
Southeast Asia

This release adds support for Private Source NAT. With this support, you can create a Private NAT gateway to perform network address translation (NAT). For more information, see Edit an Existing Firewall to Enable Private Source NAT.

Cloud NGFW for Azure is now available in the following Azure regions:

Japan East
Brazil South

This release supports implicit rule deletions in a rulestack. With this enhancement:

You can delete non-empty unassociated rulestacks without deleting any rules and objects.
You can delete resource groups while retaining empty or non-empty unassociated rulestacks.
You can delete non-empty unassociated rulestacks using the Azure CLI, CDK, PowerShell and Terraform.

Cloud NGFW for Azure adds support for the Palo Alto Networks DNS Security service. This service allows you to protect vNET and vWAN traffic from advanced DNS-based threats by monitoring and controlling the domains that your network resources query. For more information, see Enable DNS Security on Cloud NGFW for Azure.

This release adds support for additional private IP ranges besides those addresses specified in RFC 1918 for vNET and vWAN deployments. With this support, you can use public IP address blocks (for example, 40.0.0.0/24) as your private network without routing the traffic to the internet. For more information about this feature in vNET deployments, see the information provided in the

Networking Section

(step 5) Additional Prefixes to Private Traffic Range.

Cloud NGFW for Azure is now available in the following Azure regions:

US West 2
North Europe

Programmatic access allows you to create and manage NGFWs and rulestacks using APIs. Using these APIs, you can invoke actions on Cloud NGFW resources through an application or third-party tool. The table below provides information about supported tools:

Integrate your organization’s SSO login flow with your Palo Alto Networks

Customer Support Portal

account for your Cloud NGFW for Azure subscription. For more information, see Integrate Single Sign-on.

This release adds support for public domain email addresses for Customer Support Portal accounts. Previously, users who managed Cloud NGFW assets and related support cases needed a corporate email address to log into the account. With this added functionality:

Public domain users access assets and support cases in accounts where they are members.

RBAC access controls are assignable and applied to users with public domain emails.

A user with a public domain email address in one account can't access assets and support cases in another account. Resolve this issue by adding the user with the public domain email address to the account they need to access.

A user with a public domain email address is assigned any role, including superuser and domain administrator.

An account can have one or more users with a public domain email address. If an account was created by a user with a public domain email address, the account is considered

public

.

An account can't have a mix of users with corporate and public email addresses.

The following public domain email addresses are supported:

gmail.com	yahoo.*	hotmail.*
live.*	outlook.com	aol.com
gms.* (gmx.de, gmx.net, gmx.us)	icloud.com	msn.com
comcast.net**	att.net