Learn about the new User-ID™ features in PAN-OS 10.0.
New User-ID Feature
Streamlined and Resilient Redistribution
Redistribution for User-ID mappings is now
more resilient, scalable, and easier to manage. The new data redistribution
feature uses a more efficient distribution method, supports new
filters for data types and network ranges, and provides a centralized
interface and new CLI commands to troubleshoot and manage redistribution.
Authentication with Custom Certificates
During redistribution, you can now use custom certificates
issued by your enterprise certificate authority (CA) instead of
predefined certificates to establish a unique chain of trust for
mutual authentication between firewalls, between firewalls and User-ID
agents, and between a firewall and Panorama.
Enhanced Support for Syslog Messages
In dual-stacked environments where an endpoint
has both an IPv4 and IPv6 address, the firewall can now match multiple
IPv4 and IPv6 addresses in a single syslog message to obtain IP
address-to-username mappings. This eliminates the need to set up
an infrastructure to send syslog messages through the firewall multiple
times (due to multiple addresses per message). Additionally, the
firewall can now parse syslog messages of up to 8,000 bytes to ensure
the firewall successfully maps IP address-to-username information
from User-ID sources that generate longer syslog messages.