Changes to Default Behavior
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure TACACS Accounting
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Post-Quantum Cryptography Detection and Control
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 10.0 (EoL)
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
-
-
- Enterprise Data Loss Prevention Features
- IoT Security Features
- Content Inspection Features
- Decryption Features
- GlobalProtect Features
- Management Features
- Certificate Management Features
- Panorama Features
- Networking Features
- User-ID Features
- Policy Features
- Authentication Features
- WildFire Features
- Virtualization Features
- SD-WAN Features
- Mobile Infrastructure Security Features
- New Hardware Introduced with PAN-OS 10.0
- Changes to Default Behavior
- Associated Software and Content Versions
- Limitations
-
-
- PAN-OS 10.0.12 Known Issues
- PAN-OS 10.0.11 Known Issues
- PAN-OS 10.0.10 Known Issues
- PAN-OS 10.0.9 Known Issues
- PAN-OS 10.0.8 Known Issues
- PAN-OS 10.0.7 Known Issues
- PAN-OS 10.0.6 Known Issues
- PAN-OS 10.0.5 Known Issues
- PAN-OS 10.0.4 Known Issues
- PAN-OS 10.0.3 Known Issues
- PAN-OS 10.0.2 Known Issues
- PAN-OS 10.0.1 Known Issues
- Known Issues for the CN-Series on Version 10.0
-
-
-
- PAN-OS 10.0.12-h6 Addressed Issues
- PAN-OS 10.0.12-h5 Addressed Issues
- PAN-OS 10.0.12-h4 Addressed Issues
- PAN-OS 10.0.12-h3 Addressed Issues
- PAN-OS 10.0.12-h1 Addressed Issues
- PAN-OS 10.0.12 Addressed Issues
- PAN-OS 10.0.11-h4 Addressed Issues
- PAN-OS 10.0.11-h3 Addressed Issues
- PAN-OS 10.0.11-h1 Addressed Issues
- PAN-OS 10.0.11 Addressed Issues
- PAN-OS 10.0.10-h1 Addressed Issues
- PAN-OS 10.0.10 Addressed Issues
- PAN-OS 10.0.9 Addressed Issues
- PAN-OS 10.0.8-h11 Addressed Issues
- PAN-OS 10.0.8-h10 Addressed Issues
- PAN-OS 10.0.8-h8 Addressed Issues
- PAN-OS 10.0.8-h4 Addressed Issues
- PAN-OS 10.0.8 Addressed Issues
- PAN-OS 10.0.7 Addressed Issues
- PAN-OS 10.0.6 Addressed Issues
- PAN-OS 10.0.5 Addressed Issues
- PAN-OS 10.0.4 Addressed Issues
- PAN-OS 10.0.3 Addressed Issues
- PAN-OS 10.0.2 Addressed Issues
- PAN-OS 10.0.1 Addressed Issues
- PAN-OS 10.0.0 Addressed Issues
End-of-Life (EoL)
Changes to Default Behavior
Changes to the default behavior in PAN-OS® 10.0.
The following table details the changes
in default behavior upon upgrade to PAN-OS® 10.0. You may also want
to review the Upgrade/Downgrade Considerations before upgrading
to this release.
Feature | Change |
---|---|
Panorama High Availability | In PAN-OS 10.0, enter the Panorama Peer
HA Serial number on each Panorama high availability
(HA) peer when configuring HA to reduce your attack surface against
brute force attacks on the Panorama IP addresses. |
Multiple APNs on S11 interfaces for RAN
deployments | In PAN-OS 10.0.2 and earlier, all access
point names (APNs) from the same user equipment (UE) shared a single
GTP-C tunnel on an S11 interface. In PAN-OS 10.0.3 and later,
the firewall supports multiple APNs on an S11 interface for RAN deployments
by creating separate sessions for multiple APNs. By dividing the
GTP-C tunnel into multiple sessions, the firewall now processes
each APN independently. |
Session persistence during rate limiting
for GTP and SCTP brute force attack signatures | In PAN-OS 9.1 and earlier, if the number
of packets matching the context of the brute force signature for
GTP and SCTP (including Diameter-S6a and S1AP) per-message signatures exceeded
the threshold and the Action was drop,
the firewall would deny any further traffic for the session and
drop any subsequent packets. In PAN-OS 10.0.2 and later,
the firewall keeps the session open and drops packets on a per-session
basis only if they match the brute force signature. For example,
if the rate limit configuration is five packets every two seconds,
the firewall allows the first four packets; the fifth and any subsequent
packets are dropped for the two-second threshold duration. |
Packet Buffer Protection | On all firewall models, packet buffer protection
based on packet buffer utilization percentage is enabled by default
globally and on each zone. |
VM-Series Disk Upgrade Restriction | In PAN-OS version 9.0 and higher the recommended
minimum disk size for VM-Series firewalls was 60GB, but PAN-OS did
not prevent the upgrade if the minimum was not met. PAN-OS version
10.0 disallows upgrade if your VM-Series firewall disk size is less
than 60GB. |
Access Domain for REST API | Access domains enable administrators to manage
access to specific domains on Panorama and on firewalls with multiple
virtual systems. Access domain enforcement now extends to the REST
API. |
PAN-OS and Panorama REST API Enhancements | After you upgrade to PAN-OS version 10.0, the
initial REST API access privileges for admin role profiles will
default to Disabled. If you downgrade from
PAN-OS version 10.0 to 9.1, the admin role profiles will preserve
the XML API access privileges, and the preserved XML API access privileges
will determine the REST API access privileges. |
NT LAN Manager protocol | Due to the inherent security risks of this legacy
protocol, the NT LAN Manager (NTLM) authentication protocol has
been removed in this release. We recommend using Kerberos Single Sign-On
(SSO) or Security Assertion Markup Language (SAML) for SSO authentication. |
User-ID Redistribution for Dedicated Log
Collectors | The Dedicated Log Collector no longer supports
redistribution for User-ID information in this release. We recommend
using the firewall or Panorama to redistribute information. |
Collector Groups | The minimum number of Log Collectors required
for a Collector Group to be operational is based on the following
formula where n equals the total number of
Log Collectors in the Collector Group: n/2+1 For
example, if you configure a Collector Group with six Log Collectors,
a minimum of four Log Collectors are required for the Collector
Group to be operational. Additionally, you should round down
the minimum number of Log Collectors required if you have an odd
number of Log Collectors in a Collector Group. For example, if you
have three Log Collectors in a Collector Group, you need at least two
Log Collectors for the Collector Group to remain operational. Two Log Collectors in a Collector Group
is supported but the Collector Group becomes non-operational if
one Log Collector goes down. |
SSL Decryption profile TLS maximum version | In PAN-OS 9.1 and earlier, the default Max
Version in the SSL Decryption profile’s SSL Protocol
Settings was Max so that profiles automatically
used the newest TLS version without manual reconfiguration. In
PAN-OS 10.0, the default setting for Max Version changed
to TLSv1.2 to prevent service disruption
of mobile applications that enforce certificate pinning, which do
not work with TLSv1.3. For the same reason, when you upgrade to
PAN-OS 10.0, all Decryption profiles with the Max Version set
to Max are automatically reconfigured to TLSv1.2 as
the Max Version. |
Context Switch | After you upgrade to PAN-OS 10.0, you must assign
a Device Admin Role that is pushed to your
managed firewalls when configuring a Panorama Admin Role profile
to allow Device Group and Template administrators to context switch
between the Panorama and firewall web interface. During the
context switch, Panorama validates if the admin has access to a
specific vsys or for all vsys. If the admin has access to all vsys, then
Panorama uses the device admin role context switch. If the admin
has access to one or some of the vsys, then Panorama uses the vsys
admin role to context switch. |
Device-ID | In PAN-OS 9.1 and earlier, the firewall
used the Palo Alto Networks Services service route to send Enhanced
Application Logs (EAL logs). In PAN-OS 10.0 and later versions,
the firewall sends EAL logs using the Data Services service route,
which uses the management interface by default. Other services,
such as Data Loss Prevention (DLP), also use this service route. You
can configure any Layer 3 (L3) interface, including the management
or dataplane interfaces, for the service route. If your firewall
currently sends EAL logs (for example, if you are using Cortex XDR),
the firewall automatically uses the Data Services service route after
you upgrade to PAN-OS 10.0. If you want to use a different interface
for the service route, you can change the service route to any L3 interface. If
you use a log forwarding card (LFC) with the 7000 series, when you
upgrade to PAN-OS 10.0, you must configure the management plane
or dataplane interface for the service route because the LFC ports
do not support the requirements for the service route. We recommend
using the dataplane interface for the Data Services service route. |
Log Forwarding | The PA-7000 series firewall utilizing a
Log Forward Card does not forward logs to an M-Series appliance
in Panorama or Log Collector mode with 10GB network interfaces. To
successfully forward logs from a PA-7000 series firewall utilizing
a Log Forwarding Card, a network switch must be present between
the PA-7000 series lfp0 or lfp1 interfaces
of the Log Forwarding Card and the M-Series appliance for the PA-7000
series firewall. |
Terminal Server (TS) agent | Previously, to exclude the IP Address and Alternative
IP Addresses of a Terminal Server (TS) Agent host from IP address-to-user
mappings, you needed to manually enter those IP Addresses in the Exclude
list. Now, the firewall automatically excludes these IP Addresses
from IP address-to-user mapping. |
User-ID | Previously, if User-ID could not identify
a user from the existing mappings, it would send a query for updated
user mappings to all User-ID agents, which was useful if there was
a longer time interval between updates. Now, the agents send the
mapping updates to the firewall or Panorama in real time so there
is no need to send the query for new mappings. |
Captive Portal (Authentication Portal) | To improve security, the firewall now generates
a token parameter for the Authentication Portal URL when the user's
web traffic matches an Authentication Policy rule. If you have shared
or bookmarked a URL for the Authentication Portal page, after you
upgrade to PAN-OS 10.0, update the bookmarked URL by removing the url parameter
or disable the token generation using the following CLI command
in Configure mode: set deviceconfig setting captive-portal disable-token yes,
then commit the changes using the commit command. |
Local Administrator Authentication | If you have a local administrator account
that authenticates using a remote authentication server such as
a SAML Identity Provider (IdP), you must ensure that the username
that the authentication server sends to the firewall or Panorama
doesn't contain a domain and is identical to the username in the
local administrator account settings on the firewall or Panorama. |
SAML Authentication | The None option for the
Identity Provider Certificate in the SAML Identity Provider server
profile has been removed in this release. To ensure the integrity
of the SAML Responses or Assertions from Identity Provider (IdP),
the firewall or Panorama requires an IdP certificate. The firewall
or Panorama always validates the signature of the SAML Responses
or Assertions against the IdP certificate that you configure. |
PA-7000 Series Firewall Memory Limit for
the Management Server | As of PAN-OS 10.0.1, the PA-7000 Series firewalls
have new CLI commands to enable or disable resource control groups
and new CLI commands to set an upper memory limit of 8G on a process
(mgmtsrvr). To enable resource-control groups,
use: debug software resource-control enableTo
disable resource-control groups, use: debug software resource-control disableTo
set the memory limit, use: debug management-server limit-memory enableTo
remove the memory limit, use: debug management-server limit-memory disableReboot
the firewall to ensure the memory limit change takes effect. |
PAN-OS Root Partition | In PAN-OS versions 9.1 and earlier, the default
threshold for root partition was 95%. In version 10.0 onward, the
default threshold is 90%. |
Device Administrator | Non-superuser administrators with all rights enabled
can Review Policies or Review Apps for
downloaded or installed content versions. |
SSH Service Profile | In PAN-OS 9.1 and earlier releases, you
could generate a new pair of public and private SSH host keys and
change other SSH configuration parameters such as the default host
key type from the CLI. In PAN-OS 10.0 and later releases,
you must create an SSH service profile (DeviceCertificate Management SSH Service Profile) to customize management
and HA SSH configurations. You can configure these profiles from
the CLI or the firewall or Panorama web interface. |
Scheduled Reports for Strata Logging Service | (PAN-OS 10.0.3 or later) Beginning with PAN-OS 10.0.3, support for scheduled reports on Strata Logging Service data is now enabled by default. |
IoT Edge Services | Panorama regularly connects
to the IoT Edge Service to download policy recommendations for IoT
based policies. This connection is attempted by Panorama regardless
of whether the IoT license is active on any managed firewalls. A
high severity gRPC connection failure system log is generated in
the event of connection failure or if Panorama manages no IoT licensed firewall.
No action is needed regarding these system logs if you are not leveraging
the policy recommendation capabilities of IoT or if you are not managing
any IoT licensed firewalls. If you are leveraging the policy recommendation
capabilities of IoT, review the gRPC connection failure system log
to understand what is causing the connection issue between Panorama
and the IoT Edge Service. In PAN-OS 10.0.9 and later releases,
the frequency of connection attempts by Panorama to the IoT Edge
Service is reduced. |
Generate Tech Support File for Firewalls
Managed by Panorama | After upgrading Panorama to PAN-OS 10.0, Panorama
and managed devices must both be running PAN-OS 10.0 or later release
in order for Device Group & Template Admins to generate a Tech
Support file (DeviceSupportGenerate Tech Support File)
when you context switch to the managed firewall web interface. Device
Group & Template admins cannot generate a Tech Support file
when you context switch to the managed firewall web interface running
PAN-OS 9.1 or earlier release. |
Legacy telemetry support still enabled
|
Device telemetry is changed for PAN-OS 10.0 so that more data is
being collected, and the data is being sent to Strata Logging
Service. However, if you had telemetry enabled so that you were
sharing threat intelligence data with Palo Alto Networks prior to
PAN-OS 10.0, then this legacy data collection and sharing is still
occurring after you
upgrade.
|