When the device uses a DNS proxy for the DNS Server setting,
internal queries act according to the service route configuration
to use the MGT interface or explicitly configured dataplane interface
PAN-OS 8.1 has the following changes in default behavior
for networking features:
Jumbo Frame Global MTU
As of PAN-OS 8.1, if you
Global MTU configuration (
) and reboot
your firewall, packet buffers are then redistributed to process
jumbo frames more efficiently.
In releases prior to PAN-OS 8.1, when the
Device uses a DNS Proxy Object for the DNS Server setting (instead
of using the DNS Server’s address), internal DNS queries do not use
the DNS Service Route Configuration if the service route is configured
to use the management interface; instead, internal DNS queries use
the address of the dataplane interface if a dataplane interface
is configured on the DNS proxy object. This also occurs for a virtual
system when the virtual system is configured with a DNS Proxy Object
instead of defaulting to the global Device DNS Server settings.
with PAN-OS 8.1, when the Device uses a DNS Proxy Object for the
DNS Server setting, internal DNS queries act according to the service
route configuration to use the management interface or the explicitly configured
dataplane interface address, whichever is configured.
External Dynamic List Service Routes
When an External Dynamic List service route
is configured to use default values, a user-defined Palo Alto Networks
service route configuration takes precedence (introduced in PAN-OS
8.0). The EDL service route takes precedence
has been explicitly configured. If both service routes are configured
to use defaults, the management port is used to retrieve EDL updates.
Dynamic IP and Port NAT Oversubscription
Beginning with PAN-OS 8.1.0, the default setting
of the Dynamic IP and Port (DIPP) NAT oversubscription rate changed
from 1 to 2 on the VM-100 and VM-200 firewalls.