User-ID Features

Learn about the new User-ID™ features in PAN-OS 10.0.
New User-ID Feature
Description
Streamlined and Resilient Redistribution
Redistribution for User-ID mappings is now more resilient, scalable, and easier to manage. The new data redistribution feature uses a more efficient distribution method, supports new filters for data types and network ranges, and provides a centralized interface and new CLI commands to troubleshoot and manage redistribution.
Authentication with Custom Certificates for Redistribution
During redistribution, you can now use custom certificates issued by your enterprise certificate authority (CA) instead of predefined certificates to establish a unique chain of trust for mutual authentication between firewalls, between firewalls and User-ID agents, and between a firewall and Panorama.
Enhanced Support for Syslog Messages
In dual-stacked environments where an endpoint has both an IPv4 and IPv6 address, the firewall can now match multiple IPv4 and IPv6 addresses in a single syslog message to obtain IP address-to-username mappings. This eliminates the need to set up an infrastructure to send syslog messages through the firewall multiple times (due to multiple addresses per message). Additionally, the firewall can now parse syslog messages of up to 8,000 bytes to ensure the firewall successfully maps IP address-to-username information from User-ID sources that generate longer syslog messages.

Recommended For You