Authentication CLI and XML API Changes

PAN-OS® 8.0 has the following CLI and XML API changes for Authentication features:
Feature
Change
Authentication policy
With Authentication policy replacing Captive Portal policy, the related CLI commands have changed:
  • PAN-OS 7.1 and earlier releases:
    >
    show running captive-portal-policy
    >
    test cp-policy-match *
    #
    show rulebase captive-portal *
    #
    set import resource max-cp-rules
    <0-4000>
    #
    set rulebase captive-portal *
    #
    set shared admin-role
    <name>
    role device webui policies captive-portal-rulebase {enable | read-only | disable}
    #
    set import resource max-cp-rules
    <0-4000>
  • PAN-OS 8.0 release:
    >
    show running authentication-policy
    >
    test authentication-policy-match *
    #
    show rulebase authentication *
    #
    set import resource max-auth-rules
    <0-4000>
    #
    set rulebase authentication rules *
    #
    set shared admin-role
    <name>
    role device webui policies authentication-rulebase {enable | read-only | disable}
    #
    set import resource max-auth-rules
    <0-4000>
Certificate management
With the introduction of decryption for Elliptical Curve Cryptography (ECC) Certificates, the following CLI command has been replaced with two algorithm-specific commands:
  • PAN-OS 7.1 and earlier releases:
    #
    set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size {0 | 1024 | 2048}
  • PAN-OS 8.0 release:
    #
    set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size-rsa {0 | 1024 | 2048}
    #
    set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size-ecdsa {0 | 256 | 384}
Hardware security modules
CLI commands related to SafeNet Network HSM (formerly Luna SA) now reflect the new name:
  • PAN-OS 7.1 and earlier releases:
    #
    show deviceconfig system hsm-settings provider safenet-luna-sa *
    #
    set deviceconfig system hsm-settings provider safenet-luna-sa *
  • PAN-OS 8.0 release:
    #
    show deviceconfig system hsm-settings provider safenet-network *
    #
    set deviceconfig system hsm-settings provider safenet-network *

Related Documentation