Management Features
PAN-OS 8.1 introduces the following new management features:
Configuration Table Export, Reporting Engine Enhancements, and Policy
Rule Hit Count. PAN-OS 8.1.1 introduces a Software Integrity Check.
New Management Feature | Description |
---|---|
Rule Usage Tracking | Obsolete or outdated firewall rules introduce unnecessary security risks that can be exploited by an attacker to execute a successful cyber attack. With rule usage tracking, you can readily identify unused rules, validate additions to the rulebase, and evaluate whether the policy implementation matches your enforcement needs. This capability gives you a way to identify obsolete rules to aid in the transition from port-based rules to App-ID based rules. The statistics for monitoring rule use include a timestamp for the most recent rule match, a timestamp for the first rule match, and a rule hit counter. |
Configuration Table Export | Auditors often require snapshots of Panorama and firewall configuration in order to track and validate changes over time or to demonstrate compliance with industry standards. You can now export the configuration table of your rulebases and objects into a PDF or CSV format directly from the web interface, and provide the auditor an easy way to read and manipulate the data for analysis. |
Reporting Engine Enhancements | Correlate system events with user activity to investigate network and platform behavior and use these correlations to create policies that guard against security risks and patterns you observe on your network. When a network event occurs, you can now overlay system logs on top of available activity logs in the ACC and use the newly added User Activity Report filters to include or exclude specific users, applications, IP addresses, or URL categories. Then, use the results of these reporting engine enhancements to reduce or prevent future risky behavior in your network. |
Enhanced Application Logging | Enable the firewall to collect data that increases network visibility for Palo Alto Networks applications. For example, this increased network visibility enables Palo Alto Networks Magnifier to better categorize and establish a baseline for normal network activity, in order to detect unusual behavior that might indicate an attack. Enhanced Application Logging requires a Logging Service license, and you cannot view enhanced application logs; they are designed to be consumed only by Palo Alto Networks applications and services. |
Software Integrity Check | Starting with PAN-OS 8.1.1, firewalls and Panorama perform software integrity checks for tamper detection and software corruption. The software integrity check validates that the operating system and data file structure are intact and as delivered by Palo Alto Networks. When the check is successful, a System log of informational severity is generated. If the check detects a software corruption or possible appliance tampering, it generates a System log of critical severity on PAN-OS 8.1.1 and 8.1.2. Starting with PAN-OS 8.1.3, the appliance goes into maintenance mode when the check fails. If you're using Panorama with GlobalProtect Cloud Service or the Logging Service, you must install Cloud Services plugin 1.0.3 before you upgrade Panorama to PAN-OS 8.1.1. If you attempt to upgrade Panorama to 8.1.1 with a Cloud Services plugin version earlier than 1.0.3, the Panorama upgrade will fail. |
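
The three rule usage statistics described under Rule Usage Tracking (hit counter, first-match timestamp, last-match timestamp) are enough to sort a rulebase into cleanup candidates. The following is an added example, not Palo Alto Networks code: the CSV column names, rule names and the 90-day threshold are assumptions made for illustration and do not represent the PAN-OS export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. Column names are assumptions for this example,
# not the PAN-OS export format; they mirror the three statistics above.
SAMPLE_CSV = """rule,hit_count,first_hit,last_hit
allow-web-appid,18234,2018-03-02T08:15:00,2018-09-30T23:59:10
allow-tcp-8080-legacy,412,2018-03-02T09:00:00,2018-04-11T17:42:00
allow-ftp-vendor,0,,
allow-dns,990211,2018-03-01T00:00:05,2018-10-01T00:00:01
temp-migration-any,3,2018-09-29T10:00:00,2018-09-29T10:05:00
"""

def parse_ts(value):
    """Return a datetime, or None when the rule has never matched."""
    return datetime.fromisoformat(value) if value else None

def triage_rules(csv_text, now, stale_after_days=90):
    """Classify each rule as 'unused', 'stale' or 'active'.

    unused: hit counter is zero (no match since counting began)
    stale:  matched before, but not within stale_after_days of `now`
    active: matched within the window
    """
    cutoff = now - timedelta(days=stale_after_days)
    result = {"unused": [], "stale": [], "active": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        hits = int(row["hit_count"])
        last_hit = parse_ts(row["last_hit"])
        # Hits without a timestamp (or the reverse) means the data is
        # inconsistent; surface it instead of silently classifying the rule.
        if (hits == 0) != (last_hit is None):
            raise ValueError(f"inconsistent statistics for rule {row['rule']!r}")
        if hits == 0:
            result["unused"].append(row["rule"])
        elif last_hit < cutoff:
            result["stale"].append(row["rule"])
        else:
            result["active"].append(row["rule"])
    return result

if __name__ == "__main__":
    report = triage_rules(SAMPLE_CSV, now=datetime(2018, 10, 1, 12, 0, 0))
    for bucket, rules in report.items():
        print(f"{bucket:7} {', '.join(rules) or '-'}")
```

A zero hit counter only shows that a rule has not matched since counting began, so review unused and stale rules with their owners before removing them.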