What's New In the Panorama Plugin for Azure 5.1.1
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
What's New In the Panorama Plugin for Azure 5.1.1
What's New in Azure 5.1.1
Tag Pruning
The Panorama plugin for Azure version 5.1.1 introduces tag pruning feature
to increase the scalability and the number of tags collected by the plugin. Tag
Pruning enables the Azure 5.1.1 plugin to collect an increased number of tags and
push them to Panorama without IP addresses. With Tag Pruning, the plugin can send
empty tags to Panorama and only send IP addresses for tags used in Security
Policies. On Panorama, under objects all dynamic address groups that are not used in
security policy will not be populated with IP addresses.
You must commit after you enable/disable tag pruning from CLI to reflect
the change.
Label Filtering Option in Notify Group
Panorama plugin for Azure 5.1.1 adds support for selecting an option to
filter required labels that have tags generated for them. This allows you to limit
the number of tags to sort through when you create a device address group.
When configuring a notify group, you will have the option to Select All
Tags, or select from Custom Tags. The Select All Tags option
will enable the plugin to generate tags for every label it learns.
Under the Custom Tags option, you can select predefined tags and
user tags. The user tags option enables you to specify the labels that you prefer
and generate required tags.
You must enter the key of the user tag to configure the user tags. For
example, StoreStatus and UserID.
Service tags are treated as user tags.
One Service Principal for Multiple Monitoring Definitions
The Panorama plugin for Azure 5.1.1 supports one service Principal for
multiple monitoring definitions. When configuring a monitoring definition, you can
select a region that you want to monitor. Only those resources residing in the
selected region will have IP-tags generated for them. For Azure Regions, if
you select All option, all resources configured under your Azure subscription
will have the IP-tags generated.
No two monitoring definitions can have the exactly same Service Principal
and Azure Regions configured. The plugin will fail the commit
operation for monitoring definitions that have the same Service
Principal and Azure Regions configured.
You can select a monitoring definition and click Dashboard to view
the tag details of a monitoring definition details by region.
The region filter on the Monitoring Definition Detailed Status
dialogue box filters the dashboard details by location. Click more to view
the IP address of the tag and then go to Associated tags to view all tags
associated with this IP address.
Cloud NGFW Rolling Upgrade Notification
The Panorama plugin for Azure 5.1.1 displays Azure Cloud NGFW Notifications
showing messages from cloud device groups related to upcoming scheduled cloud NGFW
rolling upgrades.
You can select Do not show again or Until optionto set the reminder on
the desired date to display the notification message again.
To Delete the message from a cloud device group, go to Azure > Cloud NGFW
>, select Cloud Device Group Name, click Message, and then click
Delete.
Configure Cloud NGFW UserID and Service Route
On the Panorama plugin for Azure 5.1.1, you can configure UserID features
and Service Routes to access your on-prem servers such as LDAP and MFA.
For more information, see Cloud NGFW for Azure.