Content Inspection Changes in PAN-OS 8.1
Beginning in PAN-OS® 8.1, the firewall forwards SMBv1/2/3 content for WildFire® analysis when using the default WildFire analysis security profile.
PAN-OS® 8.1 has the following changes in default behavior for Content Inspection features:
|Enhanced Application Logging|
As of PAN-OS 8.1.2, the Enhanced Application Log type that records non-SYN TCP traffic is disabled by default. There aren't any Palo Alto Networks® cloud services or apps that currently leverage non-SYN TCP logs; however, if you enable enhanced application logging and want to capture non-SYN TCP logs, consult your SE or contact Palo Alto Networks Customer Support for assistance.
|Critical Content Update Alerts|
As of PAN-OS 8.1.2, Palo Alto Networks critical content update alerts are logged as system log entries with the Type dynamic-updates and the Event palo-alto-networks-message. You can use the following filter to view or set up log forwarding for these types of log entries: (subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message).
In PAN-OS 8.1.0 and PAN-OS 8.1.1, critical content alerts are logged with the Type general and the Event palo-alto-networks-message: (subtype eq general) and (eventid eq palo-alto-networks-message).
|SMB Improvements with WildFire Support|
If you previously enabled WildFire® forwarding on your firewall using the default WildFire analysis Security Profiles setting, the firewall now forwards files that have been transmitted using the SMB network protocol.
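The version split described under Critical Content Update Alerts, as an added example (not Palo Alto Networks code): a small Python evaluator for the two filters quoted above, run over constructed log records, showing that a fleet with firewalls on both sides of 8.1.2 needs both filters to see every alert. The record keys device and sw, the device names, and the non-alert event value are assumptions made for the illustration.

```python
import re

# The two filters quoted on this page for critical content update alerts.
FILTER_8_1_2 = "(subtype eq dynamic-updates) and (eventid eq palo-alto-networks-message)"
FILTER_8_1_0 = "(subtype eq general) and (eventid eq palo-alto-networks-message)"

CLAUSE = re.compile(r"\(\s*(\w+)\s+eq\s+([\w.-]+)\s*\)")

def parse_filter(expr):
    """Parse an and-joined chain of '(field eq value)' clauses into pairs."""
    clauses = []
    for part in re.split(r"\s+and\s+", expr.strip()):
        m = CLAUSE.fullmatch(part)
        if not m:
            raise ValueError(f"unsupported clause: {part!r}")
        clauses.append((m.group(1), m.group(2)))
    return clauses

def matches(expr, entry):
    """True when every clause of the filter equals the entry's field value."""
    return all(entry.get(field) == value for field, value in parse_filter(expr))

def find_alerts(entries, filters=(FILTER_8_1_2, FILTER_8_1_0)):
    """Entries matched by at least one filter (the mixed-fleet view)."""
    return [e for e in entries if any(matches(f, e) for f in filters)]

def missed_by(expr, entries):
    """Devices whose alerts the single filter 'expr' would not surface."""
    return sorted({e["device"] for e in find_alerts(entries) if not matches(expr, e)})

# Constructed sample records; not real firewall output.
SAMPLE = [
    {"device": "fw-a", "sw": "8.1.1", "subtype": "general",
     "eventid": "palo-alto-networks-message"},
    {"device": "fw-b", "sw": "8.1.2", "subtype": "dynamic-updates",
     "eventid": "palo-alto-networks-message"},
    {"device": "fw-b", "sw": "8.1.2", "subtype": "general",
     "eventid": "constructed-other-event"},  # placeholder non-alert event
]

if __name__ == "__main__":
    print("all alerts:", [e["device"] for e in find_alerts(SAMPLE)])
    print("missed by 8.1.2 filter only:", missed_by(FILTER_8_1_2, SAMPLE))
    print("missed by 8.1.0/8.1.1 filter only:", missed_by(FILTER_8_1_0, SAMPLE))
```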