What's New in Panorama Plugin for AWS 4.1.0
Learn what new features and functionality were added in the Panorama plugin for AWS 4.1.0.
This release introduces tag pruning and nested Dynamic Address Group support for tag pruning.
- Tag Pruning: Tag pruning enables you to send IPs for Dynamic Address Groups used in security policies. You can now monitor and learn more tags. It also overcomes the 10MB payload size limitation.
- Nested Dynamic Address Groups support for Tag Pruning: When Dynamic Address Groups are created using nesting and the parent Dynamic Address Group is used in policy, the plugin will now learn all the child Dynamic Address Groups and the associated match criteria. Currently, up to 5 levels of nested Dynamic Address Groups are supported. You can nest Dynamic Address Groups in 2 ways:
  - Create a static tag, and reference each Dynamic Address Group to nest using the static tag you created. Attach this static tag as match criteria for a Dynamic Address Group and use it in a security policy.
  - Create Dynamic Address Groups as usual and then create a static address group that attaches all the Dynamic Address Groups to be nested. Use the static address group in a security policy.
  You cannot combine the two use cases above to nest Dynamic Address Groups.
- Using the CLI to enable or disable Tag Pruning: You can now use the SDB command request plugins aws set-tag-pruning-flag to set tag pruning. The default values are True to enable and False to disable tag pruning. After toggling the tag pruning SDB, it is recommended that you request AWS plugin synchronization by running the following command: request aws plugin sync
- On a High Availability Panorama setup, the tag pruning CLI commands must be configured on both the HA peers.
- Ensure that your tag matching criteria have a definitive format under the Objects section of Panorama when creating Dynamic Address Groups. For example, if there is a space between the single quote and the start of the IP tag, or between the end of the IP tag and the single quote, the tag is invalid:
  - ' aws.ec2.tag.Name.Client-1' - This is an example of an invalid tag. The tag contains a space between the single quote and the start of the IP tag.
  - 'aws.ec2.tag.Name.Client-1 ' - This is an example of an invalid tag. The tag contains a space between the end of the tag and the single quote.
- You can configure up to 20 Application Accounts on the AWS Plugin.
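
A pre-flight check for the nesting and tag-format rules above, as an added example (not Palo Alto Networks code and not part of the plugin): it walks static-tag nesting from a policy-referenced Dynamic Address Group, collects the leaf tags, and flags tags padded with a space inside the quotes. The object model, the names in DAGS, and counting the policy-referenced group as level 1 are assumptions.

```python
import re

MAX_LEVELS = 5  # nesting limit stated in the release notes


def quoted_tags(match):
    """Return every single-quoted tag in a match-criteria string, spaces preserved."""
    return re.findall(r"'([^']*)'", match)


def resolve(name, dags, level=1, path=()):
    """Walk static-tag nesting starting at a policy-referenced DAG.

    Returns (leaf_tags, invalid, depth). Assumption: the DAG used in
    policy counts as level 1 of the 5 supported levels.
    """
    if name in path:
        raise ValueError("nesting loop: " + " -> ".join(path + (name,)))
    if level > MAX_LEVELS:
        raise ValueError(f"{name} is nested deeper than {MAX_LEVELS} levels")
    leaves, invalid, depth = set(), [], level
    for tag in quoted_tags(dags[name]["match"]):
        # A tag is a nesting reference if some DAG object carries it as a static tag.
        children = [n for n, d in dags.items() if tag in d["static_tags"]]
        if not children:
            if tag != tag.strip():      # space between quote and tag: invalid
                invalid.append((name, tag))
            else:
                leaves.add(tag)
            continue
        for child in children:
            sub = resolve(child, dags, level + 1, path + (name,))
            leaves |= sub[0]
            invalid += sub[1]
            depth = max(depth, sub[2])
    return leaves, invalid, depth


# Constructed sample objects (hypothetical names), not exported from a real Panorama.
DAGS = {
    "dag-parent": {"match": "'nested-web'", "static_tags": []},
    "dag-web-1": {"match": "'aws.ec2.tag.Name.Client-1'", "static_tags": ["nested-web"]},
    "dag-web-2": {"match": "' aws.ec2.tag.Name.Client-2' or 'aws.ec2.tag.Env.Prod '",
                  "static_tags": ["nested-web"]},
}

if __name__ == "__main__":
    leaves, invalid, depth = resolve("dag-parent", DAGS)
    print("leaf tags:", sorted(leaves))
    print("invalid tags:", invalid)
    print("nesting depth:", depth)
```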