The Enhanced Shared Optimization feature now significantly improves how Panorama pushes configurations to multi-vsys firewalls, resolving critical challenges like object duplication, memory exhaustion, and commit failures.

The feature introduces the Full optimization mode, which lets you move all firewall objects into the shared location of the firewall. This includes the previously excluded objects, such as external dynamic lists (EDLs), Custom URL categories, and various Security Profiles, such as antivirus, antispyware, URL Filtering, and HIP objects. This eliminates object replication across individual virtual systems. It drastically reduces configuration size in typical deployments and prevents commit failures caused by exceeding object limits.

This enhancement streamlines management, increases scalability, and prevents deployments from hitting object limits.

The Global Find feature is now optimized to enhance search experiences by significantly improving responsiveness when multiple administrators work simultaneously on the system.

Enabling the Optimized Search prioritizes and searches for the most relevant records based on admin-usage patterns. The new usage-based reference search returns results in batches based, preventing the GUI from freezing during intensive searches. This substantially reduces search times across large configurations. You can also choose to exclusively search for UUIDs or Template References by selecting the Search UUIDs and Include Template References options respectively.

In Policy Management, by default, the Rule Usage and App Usage columns and the Policy Optimizer are hidden after an upgrade. This prevents automatic data fetching for these components, which prevent significant slowdowns. The system now fetches data for these columns only when you explicitly make them visible.

For best performance, you can customize your view to display Rule Usage, App Usage columns, and Policy Optimizer only when needed.

With the High Availability (HA) Firewall Pair Upgrade Orchestration feature, you can simplify and automate the process of upgrading HA firewall pairs. When you use this feature, Panorama orchestrates the entire upgrade process for you, eliminating most of the manual steps that you need to execute on each device. The feature intelligently manages the upgrade sequence by following a careful and automated sequence:

The system automatically performs pre-checks to validate that your environment is ready for the upgrade. It verifies that both firewalls are connected to Panorama, confirms configuration synchronization, and validates that the HA links are operational. If these checks pass, the upgrade process begins automatically. After upgrade, the system automatically performs the necessary reboots without your intervention. In the event of an upgrade failure, you must perform a manual upgrade on the failed firewall.

This feature supports upgrading up to 200 HA pairs in a single workflow job. The feature supports both upgrade and downgrade operations, giving you flexibility in managing your firewall software versions. By automating and orchestrating what was previously a manual process, this feature reduces operational overhead and minimizes the potential for human error during firewall upgrades.

For this feature to be available, Panorama must be running 12.1.2 or a later release, and the HA firewalls must be running PAN-OS 10.2.0 or a later release.

The new Plugin Bundling feature fundamentally changes the upgrade process by automating plugin management. Previously, you had to manually compare and download plugins to ensure they were compatible with the PAN-OS version. This process was prone to errors that could lead to network outages and data loss, such as overwritten VPN pre-shared keys.

By bundling compatible plugins directly with the base image, this feature eliminates the risk of version mismatches and preserves your configurations. When you upgrade, the system automatically downloads the correct plugin versions, so you no longer have to manually download them. This ensures a seamless and conflict-free update.

The Plugins interface now provides a single location to manage all bundled plugins. The interface displays and sorts plugins, allowing you to easily install the ones you need. If you have the required license, you can manage Cloud Services in a separate, dedicated section.