The firewall and Panorama™ now queue commit operations so that you can initiate a new commit while a previous commit is still in progress. This enables you to activate configuration changes without having to coordinate commit times with other administrators. For example, after reconfiguring a firewall locally, you can initiate a firewall commit while it is still receiving device group and template settings that a Panorama administrator committed. In Panorama, you can also initiate a single commit to push settings from multiple device groups that target different virtual systems on the same firewall instead of committing from one device group at a time.
Synchronization of SNMP Trap and MIB Information
When an event triggers SNMP trap generation (for example, an interface goes down), the firewall, Panorama virtual appliance, M-Series appliance, and WF-500 appliance now update the corresponding SNMP object in response (for example, the interfaces MIB) instead of waiting for the 10-second timer to expire and allowing SNMP queries to receive out-of-sync replies. This ensures that your network management system displays the latest information when polling an object to confirm the event.
Banners and Message of the Day
For the firewall and Panorama, you can now customize the web interface:
Force administrators to acknowledge the login banner to ensure they see information they need to know before they log in, such as login instructions.
A message of the day that displays in a dialog after administrators log in to ensure they see important information, such as an impending system restart, that can affect their tasks. The same dialog also displays messages that Palo Alto Networks embeds to highlight important information associated with a software or content release.
Add colored bands that highlight overlaid text across the top and bottom of the web interface to ensure administrators see critical information, such as the classification level for firewall administration.
Support for Certificates Generated with 4,096-bit RSA Keys
The firewall and Panorama now support certificates generated with 4,096-bit RSA keys, which are more secure than smaller keys. You can use these certificates to authenticate clients, servers, users, and devices in several applications, including SSL/TLS decryption, Captive Portal, GlobalProtect™, site-to-site IPSec VPN, and web interface access.
Bootstrapping Firewalls for Rapid Deployment
For agility and efficiency in deploying the Palo Alto Networks next-generation firewall at a remote site or at a data center, you can now fully provision (bootstrap) a firewall with or without Internet access. Bootstrapping reduces operational effort and service-ready time by eliminating manual configuration steps and user errors when deploying new firewalls. You can now bootstrap the firewall using an external device—a USB flash drive or a virtual CD-ROM/DVD—and accelerate the process of configuring and licensing the firewall. The bootstrapping process is supported on all hardware-based firewalls and on VM-Series firewalls in both the private cloud (KVM, ESXi, Hyper-V) and the public cloud (AWS, Azure).
Starting with PAN-OS 7.1.4, you can bootstrap the KVM edition of the VM-Series firewall in an OpenStack environment.
Web Interface Design Refresh
The web interface on Panorama and the firewalls has been redesigned with new icons and buttons and an updated font and color scheme. This modernization does not change the layout or workflows, so you do not need to re-familiarize yourself with the user interface.
New API Request to Show PAN-OS Version
You can now use the PAN-OS XML API to show the PAN-OS version on a firewall or Panorama. In addition to the PAN-OS version, this new API request type provides a direct way to obtain the serial number and model number.
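As an added example (not from the original page or from Palo Alto Networks), the following Python code parses a reply to the version request and checks the reported release against the 7.1.4 threshold given above for bootstrapping in OpenStack. The request name `type=version`, the reply element names (`sw-version`, `model`, `serial`) and the error reply shape are assumptions taken from the PAN-OS XML API rather than from this page, and both sample replies are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample replies (assumed reply shape, not captured from a device).
SAMPLE_OK = """<response status="success"><result>
<sw-version>7.1.4-h2</sw-version><multi-vsys>off</multi-vsys>
<model>PA-VM</model><serial>000000000000</serial>
</result></response>"""
SAMPLE_ERR = ('<response status="error" code="403">'
              '<result><msg>Invalid credentials.</msg></result></response>')


def parse_version_reply(xml_text):
    """Return sw-version, model and serial from a version-request reply."""
    root = ET.fromstring(xml_text)
    # Fail closed: anything other than an explicit success is an error.
    if root.tag != "response" or root.get("status") != "success":
        raise ValueError("API request failed: status=%r code=%r"
                         % (root.get("status"), root.get("code")))
    result = root.find("result")
    info = {}
    for field in ("sw-version", "model", "serial"):
        node = result.find(field) if result is not None else None
        if node is None or not (node.text or "").strip():
            raise ValueError("reply is missing <%s>" % field)
        info[field] = node.text.strip()
    return info


def version_tuple(sw_version):
    """'7.1.4-h2' -> (7, 1, 4); hotfix or build suffixes are ignored."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", sw_version)
    if not match:
        raise ValueError("unrecognised PAN-OS version: %r" % sw_version)
    return tuple(int(part) for part in match.groups())


def meets_openstack_bootstrap_version(info):
    """True if the release is 7.1.4 or later (threshold stated on this page)."""
    return version_tuple(info["sw-version"]) >= (7, 1, 4)


if __name__ == "__main__":
    device = parse_version_reply(SAMPLE_OK)
    print(device, meets_openstack_bootstrap_version(device))
```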
A new unified log view allows you to view the latest Traffic, Threat, URL Filtering, WildFire™ Submissions, and Data Filtering logs on a single page. While the individual log views are still available for these log types, the unified log view enables you to investigate and filter these different types of logs in a single view.
Unified logs also allow you to perform a search from AutoFocus to a targeted firewall or Panorama. Learn more about how to use AutoFocus with a firewall or Panorama.
AutoFocus and PAN-OS Integrated Logs
AutoFocus™ threat intelligence data is now integrated with PAN-OS logs, providing you with a global context for individual event logs. You can now click on an IP address, URL, user agent, filename, or hash in a PAN-OS log entry to display an AutoFocus threat intelligence summary of the latest findings and statistics for that artifact. Use the new AutoFocus summary for log entry artifacts to quickly assess the pervasiveness and risk of an artifact while still in the firewall or Panorama context. You can then open an expanded AutoFocus search directly from the firewall or Panorama.
Explore the features that allow you to use AutoFocus with a firewall or Panorama.
Administrator Login Activity Indicators
To detect misuse and prevent exploitation of administrator accounts on a Palo Alto Networks firewall or Panorama, the web interface and the command line interface (CLI) now display the last login time and any failed login attempts when an administrator logs in to the interface. These administrator login activity indicators allow you to easily identify whether someone is using your administrative credentials to launch an attack.