|
|
|
|
|
![]() |
|
|
|
![]() |
Document:PAN-OS® New Features Guide
User Group Capacity Increase
Last Updated:
Mon Jul 06 14:59:42 PDT 2020
Current Version:
7.1 (EoL)
Table of Contents
Search the Table of Contents
-
- Upgrade/Downgrade Considerations
- Upgrade the Firewall to PAN-OS 7.1
- Upgrade Firewalls Using Panorama
- Upgrade a Firewall to PAN-OS 7.1
- Upgrade an HA Firewall Pair to PAN-OS 7.1
- Downgrade from PAN-OS 7.1
- Downgrade to a Previous Maintenance Release
- Downgrade to a Previous Feature Release
- Downgrade While Maintaining Enhanced Capacities on PA-3050 Firewalls and PA-3020 Firewalls
-
- Support for ELB on the VM-Series Firewalls in AWS
- Support for Multi-Tenancy and Multiple Sets of Policy Rules on the VM-Series NSX Edition Firewall
- VM-Series for Microsoft Hyper-V
- Support for VMware Tools on Panorama and VM-Series on ESXi
- Support for Device Group Hierarchy in the VM-Series NSX edition firewall
- VM-Series Firewall in Microsoft Azure
- Support for Bootstrapping VM-Series Firewalls
-
- GlobalProtect App for Chrome OS
- GlobalProtect App for Windows Phone
- Simplified GlobalProtect Agent User Interface for Windows and Mac OS
- Dynamic GlobalProtect App Customization
- Enhanced Two-Factor Authentication
- Client Authentication Configuration by Operating System or Browser
- Kerberos for Internal Gateway for Windows
- Customizable Password Expiry Notification Message
- Enhanced Authentication Challenge Support for Android and iOS Devices
- Block Access from Lost or Stolen and Unknown Devices
- Certificate Selection by OID
- Save Username Only Option
- Use Address Objects in a GlobalProtect Gateway Client Configuration
- Maximum Internal Gateway Connection Retry Attempts
- GlobalProtect Notification Suppression on Windows
- Disable GlobalProtect Without Comment
- Pre-logon then On-Demand Connect Method
- Enforce GlobalProtect for Network Access
- Connection Behavior on Smart Card Removal
-
- Failure Detection with BFD
- LACP and LLDP Pre-Negotiation on an HA Passive Firewall
- Binding a Floating IP Address to an HA Active-Primary Firewall
- Multicast Route Setup Buffering
- Per-VLAN Spanning Tree (PVST+) BPDU Rewrite
- Configurable MSS Adjustment Size
- DHCP Client Support on Management Interface
- PA-3000 Series and PA-500 Firewall Capacity Increases
- SSL/SSH Session End Reasons
- Fast Identification and Mitigation of Sessions That Overutilize the Packet Buffer
On PA-5060 and PA-7000 Series firewalls that are configured without multiple virtual systems (feature is disabled), you can now base policies on up to 3,200 distinct user groups instead of 640. This ensures continued security on networks that use a large number of
groups to control access to resources .