Authentication CLI and XML API Changes

PAN-OS® 8.0 has the following CLI and XML API changes for Authentication features:
Feature
Change
Authentication policy
With Authentication policy replacing Captive Portal policy, the related CLI commands have changed:
  • PAN-OS 7.1 and earlier releases:
    > show running captive-portal-policy 
    > test cp-policy-match * 
    # show rulebase captive-portal * 
    # set import resource max-cp-rules <0-4000> 
    # set rulebase captive-portal * 
    # set shared admin-role <name> role device webui policies 
    captive-portal-rulebase {enable | read-only | disable} 
    # set import resource max-cp-rules <0-4000>
  • PAN-OS 8.0 release:
    > show running authentication-policy 
    > test authentication-policy-match * 
    # show rulebase authentication * 
    # set import resource max-auth-rules <0-4000> 
    # set rulebase authentication rules * 
    # set shared admin-role <name> role device webui policies 
    authentication-rulebase {enable | read-only | disable} 
    # set import resource max-auth-rules <0-4000>
Certificate management
With the introduction of decryption for Elliptical Curve Cryptography (ECC) Certificates, the following CLI command has been replaced with two algorithm-specific commands:
  • PAN-OS 7.1 and earlier releases:
    # set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size
    {0 | 1024 | 2048}
  • PAN-OS 8.0 release:
    # set deviceconfig setting ssl-decrypt 
    fwd-proxy-server-cert-key-size-rsa {0 | 1024 | 2048} 
    # set deviceconfig setting ssl-decrypt 
    fwd-proxy-server-cert-key-size-ecdsa {0 | 256 | 384}
Hardware security modules
CLI commands related to SafeNet Network HSM (formerly Luna SA) now reflect the new name:
  • PAN-OS 7.1 and earlier releases:
    # show deviceconfig system hsm-settings provider safenet-luna-sa * 
    # set deviceconfig system hsm-settings provider safenet-luna-sa *
  • PAN-OS 8.0 release:
    # show deviceconfig system hsm-settings provider safenet-network * 
    # set deviceconfig system hsm-settings provider safenet-network *

Related Documentation