To strengthen the security of onboarding new firewalls, Log Collectors, and WildFire appliances running PAN-OS 10.1.0 and later releases, a device registration authentication key is required for mutual authentication between the Panorama management server and the firewall, Log Collector, or WildFire appliance on first connection. Each device registration authentication key configured on Panorama is unique and allows for customizable parameters such as the key lifetime and the number of times the key can be used before it becomes invalid.

In PAN-OS 10.1, a configuration push to multiple virtual systems of the same managed firewall running PAN-OS 10.1 are combined into a single commit operation on the firewall regardless of how many device groups the virtual systems are a part of. This optimization dramatically reduces the time required to deploy device group configuration changes to multiple virtual systems of a mutli-vsys firewall managed by Panorama.

In PAN-OS 10.1, you can now schedule configuration pushes to ease your operational overhead for any size deployment irrespective of location and maintenance window times. For example, scheduling your configuration pushes improves the efficiency of operations during short maintenance windows by eliminating human delays as well as speeding up change deployments to multi-vsys firewalls (with the optimization for multiple virtual systems as described next). The flexibility of scheduled configuration pushes allow you to create a one-time push or schedule recurring pushes to provide you with an automated way to deploy routine or pre-approved changes to your managed firewalls.