To maximize this new compatibility with third-party signatures,
you can install the IPS Signature Converter for Panorama,
which provides an automated solution to converting Snort and Suricata
signatures into custom Palo Alto Networks threat signatures.
If used incorrectly, a shorter minimum pattern length and a richer
selection of syntax can degrade firewall performance. Consequences
range from higher latency to dropped packets. To avoid performance
degradation, you can check the performance impact
of your signatures before you commit them.
The new engine also allows you to create context-free signatures
that can match anywhere after the TCP or UDP header. You can configure
this whole-packet matching by selecting
depending on the kind of traffic for which you’re creating the signature.