PAN-OS 8.1 provides new authentication features: Extensible
Authentication Protocol (EAP) Support for RADIUS and Authentication
Using Custom Certificates for WildFire™ and PAN-DB.
New Authentication Feature
EAP Support for RADIUS
To securely transport credentials between the
firewall and the RADIUS server without having to create IPSec tunnels,
you can now use one of three Extensible Authentication Protocol
(EAP) methods: PEAP-MSCHAPv2, PEAP with GTC, and EAP-TTLS with PAP.
You can use this feature for GlobalProtect
Portal authentication and for administrative access to the firewall
and Panorama. For more information, refer to the New Features Guide.
Authentication Using Custom Certificates
for WildFire and PAN-DB
You can now deploy custom certificates to replace
the predefined certificates shipped on Palo Alto Networks appliances
for management connections between WildFire or PAN-DB appliances and
other products in the Palo Alto Networks next-gen security platform.
By generating and deploying custom certificates for each appliance,
you can establish a unique chain of trust between WildFire and PAN-DB
and connected Palo Alto Networks appliances. You can generate these
custom certificates locally or import them from an existing enterprise
public key infrastructure (PKI).