Learn about the new authentication features in PAN-OS®
New Authentication Feature
Enhanced Authentication Logging
with PAN-OS® 10.0.4 and later 10.0 releases
NewAuthentication Log fields are
now available for Panorama. These log fields allow you to view new
information such as Region, User Agent and Session ID in your Authentication logs
for troubleshooting and to support features in future releases.
Authentication Portal Exclusion for Predefined Domains
Many applications require access to the internet
for updates or other services, but in some cases, the Authentication
policy may block access. To easily exclude benign background application traffic
(such as Windows Update) on user devices from Authentication policy
and prevent service interruption, you can use a new external dynamic list
(EDL): the Palo Alto Networks Authentication Portal Exclude List.
Palo Alto Networks maintains and updates this EDL so that you don't
need to manually discover and add all the domains that background
applications use to an allow list.
Improved Authentication Rate for Large-Scale Deployments
To enforce Authentication policy in environments
with large numbers of users, the firewall now uses a multi-threaded
process to simultaneously authenticate more users with protocols
such as Security Assertion Markup Language (SAML), Kerberos, or
the MFA API.
TLS Encryption for Email Server Profiles
You can now configure the firewall and Panorama
to send all data for an email server profile, including aggregated
logs and reports, over an encrypted TLS connection (as long as the
email server supports it). Using an encrypted TLS connection to
securely send reports and logs prevents security risks, supports
cloud-based email servers that require encryption, and helps ensure compliance
with security audits.