Set Commands Changed in PAN-OS 9.0

Command line interface 'set' commands that are changed in PAN-OS 9.0:
The following commands are changed in the 9.0 release:
  • rule_uuid
    ,
    http2_connection
    , and
    url_category_list
    are now options for the following commands:
    set shared reports <name> type url group-by set shared reports <name> type urlsum group-by set reports <name> type url group-by set reports <name> type urlsum group-by
  • rule_uuid
    and
    http2_connection
    are now options for the following commands:
    set shared reports <name> type threat group-by set shared reports <name> type wildfire group-by set shared reports <name> type data group-by set shared reports <name> type thsum group-by set shared reports <name> type traffic group-by set shared reports <name> type trsum group-by set reports <name> type threat group-by set reports <name> type wildfire group-by set reports <name> type data group-by set reports <name> type thsum group-by set reports <name> type traffic group-by set reports <name> type trsum group-by
  • rule_uuid
    is now an option for the following commands:
    set shared reports <name> type tunnel group-by set shared reports <name> type tunnelsum group-by set shared reports <name> type auth group-by set reports <name> type tunnel group-by set reports <name> type tunnelsum group-by set reports <name> type auth group-by
  • fqdn-stale-entry-timeout
    ,
    auto-renew-mkey-lifetime
    ,
    ssh
    and
    http2
    are added to:
    set deviceconfig system
  • The minimum value was 600, it is now 0:
    set deviceconfig system fqdn-refresh-time
  • iptag
    is added to:
    set deviceconfig system log-export-schedule <name> log-type set deviceconfig setting management common-criteria-alarm-generation log-databases-alarm-threshold set shared reports <name> type set shared log-settings set shared log-settings email <name> format set shared log-settings syslog <name> format set shared log-settings http <name> format set shared admin-role <name> role device webui monitor custom-reports set shared admin-role <name> role device webui monitor logs set reports <name> type
  • 3072 and 4096 are added to the possible key sizes:
    set deviceconfig setting ssl-decrypt fwd-proxy-server-cert-key-size-rsa
  • The upperbound for the MTU range is increased from 1460 to 9216:
    set network interface ethernet <name> layer3 mtu
  • 6 is removed from the list of possible values:
    set global-protect global-protect-portal <name> client-config configs <name> gateways external list <name> priority-rule <name
  • source-ip-hash
    ,
    ip-modulo
    ,
    ip-hash
    , and
    least-sessions
    are added to the list of possible options:
    set rulebase nat rules <name> dynamic-destination-translation distribution
  • none
    is added as an option to the following commands:
    set deviceconfig system update-schedule threats recurring set deviceconfig system update-schedule app-profile recurring set deviceconfig system update-schedule anti-virus recurring set deviceconfig system update-schedule wildfire recurring set deviceconfig system update-schedule wf-private recurring set deviceconfig system update-schedule url-database recurring set deviceconfig system update-schedule global-protect-clientless-vpn recurring set deviceconfig system update-schedule global-protect-datafile recurring
  • location
    is added as an option to:
    set deviceconfig setting global-protect
  • hold-client-request
    ,
    header-insert-cleartext-proxy
    ,
    block-on-cleartext-proxy-failure
    ,
    cloud-dns-timeout
    ,
    siptcp-cleartext-proxy
    , and
    http2-cleartext-proxy
    are added as options to:
    set deviceconfig setting ctd
  • session-cache-timeout
    and
    tcp-us-ts
    are added as options to:
    set deviceconfig setting ssl-decrypt
  • express-mode
    is added as an option to:
    set deviceconfig setting session
  • wqe-swbuf-track
    is added as an option to:
    set deviceconfig setting pow
  • api
    ,
    appusage-lifetime
    ,
    support-utf8-for-log-output
    ,
    rule-require-tag
    ,
    rule-require-description
    ,
    rule-fail-commit
    ,
    rule-require-audit-comment
    ,
    rule-audit-comment-regex
    , and
    appusage-policy
    , are added as options to:
    set deviceconfig setting management
  • high-availability
    is added as an option to:
    set network interface ethernet <name> virtual-wire lldp set network interface ethernet <name> layer2 lldp set network interface ethernet <name> layer3 lldp set network interface aggregate-ethernet <name> virtual-wire lldp set network interface aggregate-ethernet <name> layer2 lacp set network interface aggregate-ethernet <name> layer2 lldp set network interface aggregate-ethernet <name> layer3 lacp set network interface aggregate-ethernet <name> layer3 lldp
  • lacp
    is added as an option to:
    set network interface ethernet <name> virtual-wire
  • send-hostname
    is added as an option to:
    set network interface ethernet <name> layer3 dhcp-client set network interface ethernet <name> layer3 units <name> dhcp-client set network interface aggregate-ethernet <name> layer3 dhcp-client set network interface aggregate-ethernet <name> layer3 units <name> dhcp-client set network interface vlan dhcp-client set network interface vlan units <name> dhcp-client
  • ddns-config
    is added as an option to:
    set network interface ethernet <name> layer3 set network interface ethernet <name> layer3 units <name> set network interface aggregate-ethernet <name> layer3 set network interface aggregate-ethernet <name> layer3 units <name> set network interface vlan set network interface vlan units <name>
  • gre
    is added as an option to:
    set network tunnel
  • enable-gre-encapsulation
    is added as an option to:
    set network tunnel ipsec
  • template-name
    is added as an option to:
    set shared certificate-profile <name> CA <name>
  • ocsp-exclude-nonce
    is added as an option to:
    set shared certificate-profile <name>
  • timeout
    is added as an option to:
    set shared log-settings userid match-list <name> actions <name> type tagging set shared log-settings hipmatch match-list <name> actions <name> type tagging set shared log-settings profiles <name> match-list <name> actions <name> type tagging
  • tls-version
    and
    certificate-profile
    are added as options to:
    set shared log-settings http <name> server <name>
  • certificate-profile
    is added as an option to:
    set global-protect global-protect-portal <name> client-config configs <name> hip-collection
  • gre-tunnels
    is added as an option to:
    set shared admin-role <name> role device webui network
  • troubleshooting
    and
    log-settings
    are added as options to:
    set shared admin-role <name> role device webui device
  • enable-hip-collection
    is added as an option to:
    set user-id-agent <name>
  • use-ldap-for-serialno-check
    is added as an option to:
    set group-mapping <name>
  • domain-name
    and
    server-profile
    are added as options to:
    set user-id-collector setting
  • type <WMI|WinRM-HTTP|WinRM-HTTPS>
    is added as an option to:
    set user-id-collector server-monitor <name> active-directory
  • user-credential-or-client-cert-required
    is added as an option to:
    set global-protect global-protect-portal <name> portal-config client-auth <name> set global-protect global-protect-gateway <name> client-auth <name>
  • config-selection
    is added as an option to:
    set global-protect global-protect-portal <name> portal-config
  • certificate
    ,
    custom-checks
    ,
    machine-account-exists
    , are added as options to:
    set global-protect global-protect-portal <name> client-config configs <name>
  • certificate
    , is added as an option to:
    set profiles hip-objects <name>
  • source-address
    ,
    dns-server
    , and
    dns-suffix
    are added as options to:
    set global-protect global-protect-gateway <name> remote-user-tunnel-configs
  • security-restrictions
    is added as an option to:
    set global-protect global-protect-gateway <name>
  • managed
    , and
    serial-number
    are added as options to:
    set profiles hip-objects <name> host-info criteria
  • packet-cpature
    is added as an option to:
    set profiles spyware <name> botnet-domains lists <name>
  • type
    is added as an option to:
    set profiles custom-url-category <name>
  • strip-alpn
    is added as an option to:
    set profiles decryption <name> ssl-forward-proxy
  • expand-domain
    is added as an option to:
    set external-list <name> type domain
  • ip-wildcard
    is added as an option to:
    set address <name>
  • group-tag
    is added as an option to:
    set rulebase security rules <name> set rulebase default-security-rules rules <name> set rulebase application-override rules <name> set rulebase decryption rules <name> set rulebase authentication rules <name> set rulebase tunnel-inspect rules <name> set rulebase nat rules <name> set rulebase qos rules <name> set rulebase pbf rules <name> set rulebase dos rules <name>
  • tunnel-id
    is added as an option to:
    set rulebase tunnel-inspect rules <name>
  • return-vxlan-to-source
    is added as an option to:
    set rulebase tunnel-inspect rules <name> inspect-options
  • dns-rewrite
    is added as an option to:
    set rulebase nat rules <name> destination-translation
  • fqdn
    is added as an option to:
    set rulebase pbf rules <name> action forward nexthop

Recommended For You