Management Features

What new management features are in PAN-OS 10.1?
New Management Feature
Description
Audit Tracking for Administrator Activity
PAN-OS 10.1 allows you to track administrator activity in the web interface and command line interface (CLI) to understand where administrators navigated and what operational and debug commands were performed to maintain an audit history for compliance purposes. An audit log is generated and forwarded to your syslog server each time an administrator activity occurs, enabling near real-time reporting of activity.
Device Certificate for Cortex Data Lake
To reduce the number of certificates you need to install and manage to connect to Palo Alto Networks cloud services, you can now authenticate to Cortex Data Lake using a device certificate. This enables you to authenticate to Cortex Data Lake using the same certificate that you would use to connect to Cortex XDR, IoT Security, and Enterprise Data Loss Prevention.
Devices using a device certificate follow a new process to onboard to Cortex Data Lake. Make sure to follow the onboarding process appropriate for your PAN-OS version and deployment style.
Packet Diagnostics Resource Protection
The Packet-Diag command improves and promotes best practices while debugging the firewall. The improvements give you more granular control and automatically safeguards against accidental resource depletion that can impact firewall performance and reduces the amount of time it takes to analyze complex issues.
Packet-Diag logging is now automatically:
  • Disabled after a time out setting (default 60 seconds).
  • After a CPU buffer or threshold is reached.
Packet-Diag filters are also now automatically enabled.
OpenConfig Support
PAN-OS expands its automation capabilities to now support an interface based on the OpenConfig standard data models to simplify deploying firewalls in OpenConfig managed networks. The OpenConfig gNMI/gNOI service is provided through a plugin you can use to manage, configure, generate streaming telemetry, and carry out operational services on the firewall.
Persistent Uncommitted Changes on PAN-OS
All in-process configuration changes are preserved locally in the event your PAN-OS device or a PAN-OS management process restarts before the changes can be successfully committed. This ensures that your uncommitted configuration changes are not lost due to accidental reboots or process restarts, and reduces the operational burden of recreating your configuration changes when an unforeseen restart occurs.

Recommended For You