Changes to Default Behavior in PAN-OS 10.2
What default behavior changes impact PAN-OS 10.2?
The following table details the changes
in default behavior upon upgrade to PAN-OSĀ® 10.2. You may also want
to review the Upgrade/Downgrade Considerations before upgrading
to this release.
Feature | Change |
---|---|
Administrator Login | Usernames that contain all numbers are no longer
valid. For example, the username 12345678 does
not work. Usernames that include at least one alphabetical
or legal symbol character are valid, such as 1234_567 , 1234a789_ ,
and c7897432 . |
Masterd Rename | With PAN-OS 10.2 all instances of masterd
in the CLI were replaced with MD. |
Shared Configuration Objects
for Multi-vsys Firewall Managed by Panorama | For multi-vsys firewalls managed
by a Panorama managed server, configuration objects in the Shared
device group are now pushed to a Panorama Shared configuration context
for all virtual systems rather than duplicating the shared configuration
to each virtual system to reduce the operational burden of scaling
configurations for multi-vsys firewalls. The following configurations
cannot be added to the Shared Panorama location and are replicated to
the Panorama location of each vsys of a multi-vsys firewall.
|
Certificates | On upgrade to PAN-OS 10.2, it is required that
all certificates meet the following minimum requirements:
See the PAN-OS Administrator's Guide or Panorama Administrator's Guide for
more information on regenerating or re-importing your certificates. |
Advanced Routing Engine | With Advanced Routing enabled, by default connected
peers prefer a link-local next-hop address over a global next-hop
address. |
Advanced Routing Engine and BFD | On a firewall with Advanced Routing enabled, BFD
session establishment for iBGP peers is changed. Any iBGP peers
over a loopback address are not considered to be directly connected
and therefore should enable the multihop option in the BFD profile
and specify Minimum Rx TTL accordingly. |
Selective Push for Prisma Access (Panorama
Managed) PAN-OS 10.2.2 and later releases | Pushing selective configuration
changes to Prisma Access in Panorama Managed Prisma
Access deployments is no longer supported. To push selective configuration
changes to Prisma Access:
|
Scheduled Log Export | Scheduled log exports ( Device Log Export Workaround: When scheduling your log exports,
maintain at least 6 hours between each scheduled log export. |
Test SCP Server Connection PAN-OS 10.2.4 and later releases | To test the SCP server connection when you schedule a configuration
export ( Panorama Schedule Config Export Device Scheduled Log Export Password and
Confirm Password to test the SCP server
connection and enable the secure transfer of data.You must also enter the clear text SCP server
Password and Confirm
Password when you test the SCP server connection
from the firewall or Panorama
CLI.
|
Enterprise data loss prevention (DLP) Predefined Data Filtering
Profiles | After successful upgrade to PAN-OS 10.2.4 with Panorama plugin for
Enterprise DLP 3.0.4 or later release installed, the default
File Direction for predefined data
filtering profiles (Objects DLP Data Filtering Profiles Both . |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.