Content Inspection Changes in PAN-OS 8.1

Beginning in PAN-OS® 8.1, the firewall forwards SMBv1/2/3 content for WildFire® analysis when using the default WildFire analysis security profile.
PAN-OS® 8.1 has the following change in default behavior for Content Inspection features:
FeatureChange
Enhanced Application Logging
As of PAN-OS 8.1.2, the Enhanced Application Log type that records non-SYN TCP traffic is disabled by default. There aren't any Palo Alto Networks® cloud services or apps that currently leverage non-SYN TCP logs; however, if you enable enhanced application logging and want to capture non-SYN TCP logs, consult your SE or contact Palo Alto Networks Customer Support for assistance.
Critical Content Update Alerts
As of PAN-OS 8.1.2, Palo Alto Networks critical content update alerts are logged as system log entries with the Type dynamic-updates and the Event palo-alto-networks-message. You can use the following filter to view or set up log forwarding for these type of log entries: (subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message).
In PAN-OS 8.1.0 and PAN-OS 8.1.1, critical content alerts are logged with the Type general and the Event palo-alto-networks-message: (subtype eq general) and (eventid eq palo-alto-networks-message).
SMB Improvements with WildFire Support
If you previously enabled WildFire® forwarding on your firewall using the default WildFire analysis Security Profiles setting, the firewall now forwards files that have been transmitted using the SMB network protocol.

Related Documentation