Content Inspection Changes in PAN-OS 8.1

Beginning in PAN-OS® 8.1, the firewall forwards SMBv1/2/3 content for WildFire® analysis when using the default WildFire analysis security profile.
PAN-OS® 8.1 has the following change in default behavior for Content Inspection features:
Feature
Change
Enhanced Application Logging
As of PAN-OS 8.1.2, the Enhanced Application Log type that records non-SYN TCP traffic is disabled by default. There aren't any Palo Alto Networks® cloud services or apps that currently leverage non-SYN TCP logs; however, if you enable enhanced application logging and want to capture non-SYN TCP logs, consult your SE or contact Palo Alto Networks Customer Support for assistance.
Critical Content Update Alerts
As of PAN-OS 8.1.2, Palo Alto Networks critical content update alerts are logged as system log entries with the Type
dynamic-updates
and the Event
palo-alto-networks-message
. You can use the following filter to view or set up log forwarding for these type of log entries:
(subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message)
.
In PAN-OS 8.1.0 and PAN-OS 8.1.1, critical content alerts are logged with the Type
general
and the Event
palo-alto-networks-message
:
(subtype eq general) and (eventid eq palo-alto-networks-message)
.
SMB Improvements with WildFire Support
If you previously enabled WildFire® forwarding on your firewall using the default WildFire analysis
Security Profiles
setting, the firewall now forwards files that have been transmitted using the SMB network protocol.

Recommended For You