Document:PAN-OS® New Features Guide
Support for Device Group Hierarchy in the VM-Series NSX edition firewall
Last Updated:
Mon Jul 06 14:59:42 PDT 2020
Current Version:
7.1 (EoL)
Table of Contents
Search the Table of Contents
-
- Upgrade/Downgrade Considerations
- Upgrade the Firewall to PAN-OS 7.1
- Upgrade Firewalls Using Panorama
- Upgrade a Firewall to PAN-OS 7.1
- Upgrade an HA Firewall Pair to PAN-OS 7.1
- Downgrade from PAN-OS 7.1
- Downgrade to a Previous Maintenance Release
- Downgrade to a Previous Feature Release
- Downgrade While Maintaining Enhanced Capacities on PA-3050 Firewalls and PA-3020 Firewalls
-
- Support for ELB on the VM-Series Firewalls in AWS
- Support for Multi-Tenancy and Multiple Sets of Policy Rules on the VM-Series NSX Edition Firewall
- VM-Series for Microsoft Hyper-V
- Support for VMware Tools on Panorama and VM-Series on ESXi
- Support for Device Group Hierarchy in the VM-Series NSX edition firewall
- VM-Series Firewall in Microsoft Azure
- Support for Bootstrapping VM-Series Firewalls
-
- GlobalProtect App for Chrome OS
- GlobalProtect App for Windows Phone
- Simplified GlobalProtect Agent User Interface for Windows and Mac OS
- Dynamic GlobalProtect App Customization
- Enhanced Two-Factor Authentication
- Client Authentication Configuration by Operating System or Browser
- Kerberos for Internal Gateway for Windows
- Customizable Password Expiry Notification Message
- Enhanced Authentication Challenge Support for Android and iOS Devices
- Block Access from Lost or Stolen and Unknown Devices
- Certificate Selection by OID
- Save Username Only Option
- Use Address Objects in a GlobalProtect Gateway Client Configuration
- Maximum Internal Gateway Connection Retry Attempts
- GlobalProtect Notification Suppression on Windows
- Disable GlobalProtect Without Comment
- Pre-logon then On-Demand Connect Method
- Enforce GlobalProtect for Network Access
- Connection Behavior on Smart Card Removal
-
- Failure Detection with BFD
- LACP and LLDP Pre-Negotiation on an HA Passive Firewall
- Binding a Floating IP Address to an HA Active-Primary Firewall
- Multicast Route Setup Buffering
- Per-VLAN Spanning Tree (PVST+) BPDU Rewrite
- Configurable MSS Adjustment Size
- DHCP Client Support on Management Interface
- PA-3000 Series and PA-500 Firewall Capacity Increases
- SSL/SSH Session End Reasons
- Fast Identification and Mitigation of Sessions That Overutilize the Packet Buffer
When deploying the VM-Series NSX edition firewall, you can now use a template stack and a device group hierarchy in the VMware Service Manager configuration on Panorama. Both template stacks and device group hierarchy (introduced in PAN-OS 7.0) allow you to organize devices based on some common criteria in order to minimize redundant configuration.
To create context awareness between the virtual and security environments for Dynamic Address Groups referenced in policy, you can also select one or more device groups in a hierarchy for notification when virtual machines are provisioned or removed from the network. The firewalls use this update to determine the most current list of members that constitute Dynamic Address Groups referenced in policy.
For configuration details, see
Create Template(s) and Device Group(s) on Panorama . For additional new features on the VM-Series NSX edition firewall, see
Support for Multi-Tenancy and Multiple Sets of Policy Rules on the VM-Series NSX Edition Firewall .