>
    Strata Copilot
    Panorama Features
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Features Introduced in PAN-OS 11.1
    4. Panorama Features
    Download PDF

    Panorama Features

    Table of Contents

    Panorama Features

    What new Panorama™ management server features are in PAN-OS 11.1?

    Enable or Disable Selective Push

    December 2025
    • Introduced in PAN-OS 11.1.13
    While a selective push (Push Changes Made By) is efficient because it only pushes configurations modified by specific administrators, some environments might demand the highest level of configuration assurance, which might require a full push (Push All Changes). To enforce this consistency and gain explicit control over deployments, you can manually enable or disable selective push.
    Guidelines for disabling selective push
    • Selective push is enabled by default on Panorama. Disabling selective push removes the option for administrators to push only their specific changes, thereby ensuring a full configuration push every time.
    • Enabling selective push does not restrict your ability to manually perform a full push when necessary.
    • You can disable selective push if you have an explicit requirement to force a full configuration push for every deployment or push
    • You can monitor and configure the selective push state using either the Panorama web interface or the Command Line Interface (CLI).
    Requirements for modifying the selective push state
    • You cannot enable or disable selective push when a local Commit is in progress, or if a Commit and Push is pending. It is a best practice to either enable or disable selective push during a maintenance window or when no administrators are actively using Panorama.
    • If HA is configured, selective push is automatically enabled or disabled on the passive Panorama during failover. Consequently, if the passive Panorama is unreachable or not responding, you cannot enable or disable selective push on the active device.
    • You cannot disable selective push if there are active scheduled config push admin-based configurations.

    Increased Device Management Capacity for the Panorama Virtual Appliance

    November 2023
    • Introduced in PAN-OS 11.1.0
    To ease the operational burden of managing the configuration of your large-scale firewall deployments, the Panorama virtual appliance now supports management of up to 5,000 Palo Alto Networks Next-Generation Firewalls (NGFW) with a Panorama virtual appliance in Management Only mode. To use a single Panorama virtual appliance to manage up to 5,000 Next-Generation firewalls you must install the Panorama virtual appliance in a supported private or public hypervisor with the minimum virtual resources required to support large-scale device management.

    New Template Variables

    November 2023
    • Introduced in PAN-OS 11.1.0
    Template and template stack variables enable you to more easily reuse templates or template stacks by allowing you to replace template configuration objects with a template variable with a value specific to one or more devices. This enables you to reduce the total number of template and template stacks you need to manage while allowing you to keep any device-specific configuration values. You can now use template and template stack variables to replace hostname, IPv4 subnet, IPv6 subnet, and Pre Shared Keys in your managed firewall configurations on your Panorama® management server.
    • Hostname—Label or human readable name assigned to a device connected to the network.
    • IPv4 Subnet—Subnet for IPv4 IP addresses. For example, 255.255.254.0.
    • IPv6 Subnet—Subnet for IPv6 IP addresses. For example, 201:db8:3:4:6:7:8:f.
    • Pre Shared Key—Security key for authentication when configuring a VPN tunnel. Up to 255 ASCII or non-ASCII keys are supported.

    © 2025 Palo Alto Networks, Inc. All rights reserved.