As of PAN-OS 8.1, if you

Enable Jumbo Frame

Global MTU configuration (

Device

Setup

Session

Session Settings

) and reboot your firewall, packet buffers are then redistributed to process jumbo frames more efficiently.

In releases prior to PAN-OS 8.1, when the Device uses a DNS Proxy Object for the DNS Server setting (instead of using the DNS Server’s address), internal DNS queries do not use the DNS Service Route Configuration if the service route is configured to use the management interface; instead, internal DNS queries use the address of the dataplane interface if a dataplane interface is configured on the DNS proxy object. This also occurs for a virtual system when the virtual system is configured with a DNS Proxy Object instead of defaulting to the global Device DNS Server settings.

Beginning with PAN-OS 8.1, when the Device uses a DNS Proxy Object for the DNS Server setting, internal DNS queries act according to the service route configuration to use the management interface or the explicitly configured dataplane interface address, whichever is configured.

When an External Dynamic List service route is configured to use default values, a user-defined Palo Alto Networks service route configuration takes precedence (introduced in PAN-OS 8.0). The EDL service route takes precedence

only

when it has been explicitly configured. If both service routes are configured to use defaults, the management port is used to retrieve EDL updates.