You can now configure the cookie expiration period from 1 to 5 years, while the default remains as 6 months. The encrypted cookie stored on an Large Scale VPN (LSVPN) satellite expires after every 6 months. This causes the VPN tunnels associated with the satellite to go down, causing an outage until the satellite is re-authenticated to the LSVPN portal or gateway and a new cookie is generated. A re-authentication every six months causes administrative overhead, affecting productivity, network stability, and resources of the company.

To reduce administrative overhead, we’ve extended the cookie expiration period from 6 months to 5 years.

One type of source NAT is Dynamic IP and Port (DIPP). Some applications, such as VoIP, video, and others, use DIPP and may require Session Traversal Utilities for NAT (STUN) protocol. DIPP NAT uses symmetric NAT, which may have compatibility issues with STUN. To alleviate those issues, persistent NAT for DIPP provides additional support for connectivity with such applications. When you enable persistent NAT for DIPP, the binding of a private source IP address and port to a specific public (translated) source IP address and port persists for subsequent sessions that arrive having that same original source IP address and port.

A PA-7050 or PA-7080 firewall that has an aggregate interface group configured using different line cards will correctly handle fragmented packets after you run the CLI operational command: set ae-frag redistribution-policy hash.

You can now not only decrypt but also broker all traffic—decrypted TLS, non-decrypted TLS, and non-TLS—to a suite of vendor-agnostic security tools such as IPS, IDS, and SIEM devices for inspection. Network Packet Broker eliminates the need to purchase and maintain dedicated, single-function appliances to decrypt and manage security chain devices. You can filter and forward traffic to one chain or to multiple chains of security devices based on application, user, IP address, device, and zone. You can also load balance traffic and eliminate single points of failure. The feature enables you to consolidate security tools with overlapping functionality, which simplifies your network and reduces capital and operating expenses.