>
    Strata Copilot
    Management Features
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Features Introduced in PAN-OS 11.2
    4. Management Features
    Download PDF

    Management Features

    Table of Contents

    Management Features

    What new management features are in PAN-OS 11.2?

    Accelerate Insights and Enhance Security with Telemetry Autoenablement

    August 2025
    • Introduced in PAN-OS 11.2.8.
    Telemetry autoenablement for Palo Alto Networks devices streamlines the activation and configuration of telemetry, eliminating complex workflows and manual setup. This feature ensures that upon device onboarding, telemetry is automatically enabled and configured to stream data to the correct data residency region, determined by your location or existing configurations.
    Strata Cloud Manager or hub now manages telemetry settings, rather than individual Panorama or firewall devices. These services store information for all devices within a tenant service group (TSG), simplifying and automating telemetry configuration. This approach removes operational hurdles, enabling full utilization of telemetry's benefits while maintaining control over data sharing preferences.
    Consistent telemetry data streaming provides enhanced security, faster security responses, and access to advanced features through critical threat insights. Telemetry autoenablement ensures your devices send valuable diagnostic and usage information, significantly improving support case resolution times and offering real-time insights into performance, usage, and potential issues.
    You have the ability to manage your telemetry settings at the TSG level, including the option to change the telemetry tier from Full to Diagnostic through the hub interface or Strata Cloud Manager. This tiered approach ensures you can choose the level of information shared while adhering to data privacy requirements. Additionally, all telemetry configuration changes are logged for audit purposes, assisting with compliance and security policy adherence.

    Configuration File Compression

    May 2024
    • Introduced in PAN-OS 11.2.
    Configuration push latency often slows down essential network deployments and complex configuration updates across distributed NGFW. To enhance operational agility and speed, Strata Cloud Manager now optimizes communication protocols for configuration transfers. This crucial update introduces transparent compression for configuration exchanges.
    When a security administrator pushes a configuration change from Strata Cloud Manager to a managed NGFW runningPAN-OS 11.2 or later release, Strata Cloud Manager compresses the XML configuration during transmission. This compression reduces the file size by at least 15% to significantly speeds up deployment times and reduces bandwidth utilization. Additionally, all NGFW responses back to Strata Cloud Manager, including commit status updates and data queries, are also compressed by at least 15%. This two-way compression is transparent to the user and does not affect the NGFW management or data processing functions.

    Strata Cloud Manager Connectivity Using Port 443

    May 2024
    • Introduced in PAN-OS 11.2.
    Palo Alto Networks NGFW (Managed by Strata Cloud Manager) use the dedicated non-standard port 3978 to communicate with Strata Cloud Manager by default. In PAN-OS 11.2, you can instead configure NGFW (Managed by Strata Cloud Manager) onboarding to Strata Cloud Manager to use destination port 443 instead of port 3978. Ports 3978 and 443 offer the same functionality for NGFW (Managed by Strata Cloud Manager) and Strata Cloud Manager communication. However, port 443 offers some distinct advantages when managing your network configurations, reducing your network attack surface, and implementing Security policy rules and audits:
    • Ease of Configuration and Use—Port 443 is the standard port used for HTTP traffic encrypted with SSL. Using port 443 for NGFW (Managed by Strata Cloud Manager) and Strata Cloud Manager communication greatly simplifies network configuration management for both administrators and end users.
      Additionally, many corporate networks restrict incoming and outgoing traffic to a limited set of ports to minimize the network attack surface area. Port 443 is already commonly allowed on most enterprise networks without the need for additional network configurations. Using port 443 for NGFW (Managed by Strata Cloud Manager) and Strata Cloud Manager communication also improves your security posture by reducing the number of ports allowed on your network.
    • Improved Compatibility—Port 443 is universally accepted and is the expected port for secure communications. Security tools that use port 443 are normally compatible with existing security configurations. This greatly reduces the need for custom firewall configurations and rules.

    View Preferred and Base Releases of PAN-OS Software

    May 2024
    • Introduced in PAN-OS 11.2.
    The Panorama web interface now displays the preferred releases and the corresponding base releases of PAN-OS software. Before you upgrade or downgrade Panorama or PAN-OS, you can view the list of preferred and base releases and choose your preferred target PAN-OS release. Preferred releases offer the latest and the most advanced features and ensure stability and performance. When there are no preferred releases available, the corresponding base version is not displayed. If necessary, you can choose to view either preferred releases or base releases.

    © 2025 Palo Alto Networks, Inc. All rights reserved.