Focus

Authentication CLI and XML API Changes

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
Networking
Version
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
Incidents & Alerts
Release Notes
Version
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW

CLI and XML API Changes in PAN-OS 8.1

Content Inspection CLI and XML API Changes

Authentication CLI and XML API Changes

CLI and XML API changes to authentication features in PAN-OS 8.1.

PAN-OS 8.1 has the following CLI and XML API changes for Authentication features:

Feature	Change
CLI access over SSH	The minimum and maximum have changed for the amount of data transmitted over the Management (MGT) interface before PAN-OS regenerates the SSH keys that administrators use to access the firewall CLI: PAN-OS 8.0 and earlier releases: # set deviceconfig system ssh session-rekey mgmt data `{1-32 \| default}` PAN-OS 8.1 release: # set deviceconfig system ssh session-rekey mgmt data `{10-4000 \| default}`
LDAP authentication	The minimum value has changed for the interval (in seconds) after which PAN-OS tries to connect to an LDAP server after a previous failed attempt: PAN-OS 8.0 and earlier releases: # set `[shared]` server-profile ldap `<name>` retry-interval `<1-3600>` # set `[vsys <name>]` server-profile ldap `<name>` retry-interval `<1-3600>` PAN-OS 8.1 release: # set `[shared]` server-profile ldap `<name>` retry-interval `<60-3600>` # set `[vsys <name>]` server-profile ldap `<name>` retry-interval `<60-3600>`
RADIUS authentication	PAN-OS no longer provides the option to fall back to Password Authentication Protocol (PAP) when a RADIUS server doesn’t respond to Challenge-Handshake Authentication Protocol (CHAP) requests: PAN-OS 8.0 and earlier releases: # set `[shared]` server-profile radius `<name>` protocol `{CHAP \| PAP \| Auto}` # set `[vsys <name>]` server-profile radius `<name>` protocol `{CHAP \| PAP \| Auto}` PAN-OS 8.1 release: # set `[shared]` server-profile radius `<name>` protocol `{EAP-TTLS-with-PAP \| PEAP-MSCHAPv2 \| PEAP-with-GTC \| CHAP \| PAP}` # set `[vsys <name>]` server-profile radius `<name>` protocol `{EAP-TTLS-with-PAP \| PEAP-MSCHAPv2 \| PEAP-with-GTC \| CHAP \| PAP}`
TACACS+ authentication	PAN-OS no longer provides the option to fall back to Password Authentication Protocol (PAP) when a TACACS+ server doesn’t respond to Challenge-Handshake Authentication Protocol (CHAP) requests: PAN-OS 8.0 and earlier releases: # set `[shared]` server-profile tacplus `<name>` protocol `{CHAP \| PAP \| Auto}` # set `[vsys <name>]` server-profile tacplus `<name>` protocol `{CHAP \| PAP \| Auto}` PAN-OS 8.1 release: # set `[shared]` server-profile tacplus `<name>` protocol `{CHAP \| PAP}` # set `[vsys <name>]` server-profile tacplus `<name>` protocol `{CHAP \| PAP}`

CLI and XML API Changes in PAN-OS 8.1

Content Inspection CLI and XML API Changes

Next-Generation Firewall Docs

Authentication CLI and XML API Changes

Next-Generation Firewall Docs

Authentication CLI and XML API Changes

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner