The PAN-OS^® web interface has a new look and feel to provide an even better user experience. You can see the new branding, colors, and icons in Panorama™ and firewalls running a PAN-OS 10.0 release.

Telemetry data collection is expanded to cover device health and performance, product usage categories, and threat prevention. This data is used to power applications that increase your ability to manage and configure your Palo Alto Networks products and services and to provide improved visibility into device health, performance, capacity planning, and configuration. Palo Alto Networks uses this data to improve threat prevention and to help you maximize your product usage benefits.

The firewall now features new external dynamic list (EDL) log fields to help you quickly identify when an entry in an EDL matches traffic and to which EDL that entry belongs.

If you collect logs from multiple sources, you need detailed log timestamps for SOC troubleshooting, correlation, and visibility to investigate network security events and threats. Now all PAN-OS logs forwarded to an external destination, such as a syslog server or the Cortex™ Data Lake, support millisecond granularity timestamps.

Panorama now writes custom threat object names directly into the PAN-OS logs on the firewall for enhanced monitoring and visibility into your threat data. As a result, the Panorama management server can now report on custom Spyware and Vulnerability threats by name even when a firewall belongs to multiple device groups.

The REST API now includes endpoints that enable you to manage network configurations on the firewall and on Panorama. Secondly, you can now configure administrative role types to provide granular access to REST API endpoints. You can enable, disable, or assign read-only access to each endpoint. Thirdly, access domain enforcement, which enables administrators to manage access to specific domains on Panorama and on firewalls, now extends to the REST API.

You can now configure the firewall to forward logs to Cortex Data Lake through a proxy server. This enables you to send log data to Cortex Data Lake from a network without a default gateway.

Delete, disable, or tag policy rules directly from the Policy Optimizer after filtering unused rules to simplify your policy rulebase management. For example, if you have a rule lifecycle process to identify obsolete rules, you can use the Policy Optimizer to filter, identify and tag the unused rules for offline review. After the review, you can return to view the list of tagged policy rules to delete any obsolete or unused rules.

You can now filter the ACC, Monitoring, and Reports for up to 60 or 90 days. This enables improved performance when querying between 30 and 90 days by optimizing the Panorama query for only relevant logs.

You can now monitor individual dataplane (DP) processor utilization on firewalls with multiple dataplanes (PA-7000 and PA-5200 Series) using the Simple Network Management Protocol (SNMP) HOST-RESOURCES-MIB. Use the SNMP Manager to set alerts when utilization reaches a specific threshold for each DP processor to avoid service availability issues.

You now have improved visibility and troubleshooting for connections to the update server during firewall or Panorama management server registration, content updates, license renewals, and software upgrades. Enhancements include: