Feature Request List

Reply
Highlighted
L7 Applicator

Feature Request List

Hi community

 

In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics feature request IDs (FR ID) are mentionned. Even knowing that PAN-OS is already a feature rich firewall operating system, there is always room for improvement, so I thought it might be helpful for others (and myself) to collect these existing public available FR IDs and summarize them in one topic.

 

IDDescriptionAdditional Information/WorkaroundImplemented in
130Filter Logs by Adress Groups--
204Automatic rollback to last "good" configuration--
241SMTP authentication in Email server profile--
776increase custom report limit beyound Top 500Also in FR ID 1636 and 1693-
889Mac Address as match criteria in security policy--
913Preview response pages directly in the WebUI without having to download them--
919Support for ICAP (Internet Content Adaption Protocol)--
986Custom Reports for System logs--
1172Ignore usergroup from User-ID--
1225Participation of PA firewalls in Spannin Tree--
1370URL column length limit in Reports--
1696Include Interface IP in SNMP MIB--
2153Terminal Server Agent for Linux--
2287Different ACLs for https, snmp, ...--
2666VRRP Support for clusters between PA and other devices--
2924Optain Global Protect IP from DHCP Server--
3051User Activity Report Enhancement (detailed web-browsing statistics including time spent)--
3060DHCPv6 client support--
3495Custom reports for system Logs--
3591/31 subnetmask support for HA1 link--
4035Dedicated Log category for Global Protect--
4443Support for USB modems (3G/4G/5G ...)--
4454gray out policies with expired schedules--
4507Show current interface bandwidth in a dashboard widget and log over time.-Not a dashboard widget but throughbut statistics and other device health metrics are implemented in PAN-OS 8.1
4603Concurrent GP VPN session limit per User--
4669Generate system log upon schedule end--
4670Proactive notification for policies with soon expiring scheduled--
4788Block emails based on domains in "to", "cc" or "bcc", also log these in addition to only "to" and reply with smtp 541 when blocked--
4920Display SFP, SFP+ and QSFP serial number--
5000SCEP Server integrated in the firewall--
5078per-IP Traffic shaping--
5612Automatically disable and remove policies with expired schedules--
5678Log the TLS version of websites and enable reporting about this--
5686DHCP Client Class-ID Setting--
5844BGP SNMP monitorings--
6186Log and report search keywords--
6548Customizable SMTP Response for Vulnerability Protection--
6609Add "Threat Email" to email subject when something malicious was detected and also log "cc" and "bcc"--
7365DHCPv6 Server support--
7654Support of DIPP with non-strict recognition by devices (Cisco ASA like)--
7832User-ID for Azure-AD authenticated users--
9113Integrated addressobjects for well-known cloud services--
9195OCSP stapling support for inbound decryption--
9285Custom configrable MFA integration--
9509DoH (DNS over HTTPS)/DoT (DNS over TLS) Support for DNS Sinkhole Feature--
9522App-ID for DoH (DNS over HTTPS) / DoT (DNS over TLS)Custom App-ID for DoH-
9563Configurable Time when Global Protect Captive Portal Notification should be shownCaptive Portal Notification DelayGlobalProtect 4.1
9958Azure Information Protection (AIP) Tag support for Data FilteringRelease Notes Content Version 8129PAN-OS 8.0 starting with Content Update 8129
10173Automatically open browser when Global Protects a Captive Portal and opens a configurable websiteAutomatically Launch Webpage in Default Browser Upon Captive Portal DetectionGlobal Protect 5.0.4 starting with Content Update 8181
10931use logd disk space (33%) for elasric search in PanoramaPanorama disk space allocation-
11012Windows Server 2019 Support for User-ID Agent-User-ID Agent/PAN-OS 9.0.2
11153Completely remove Global Protect 4.0 Design out of Global Protect 5+--
11211Forced Global Protect network rediscover after IP change--
11251Panorama High Availability: MFA using SAML (Okta)--
11524Use FIB for route monitoring instead of gateway of the route itself--
11763Include the username in the csv with the URL logs when running a user activity reportDownload thelogs directly from the URL logs-
11764Allow for more "User Activity Report" customization - pie charts, different bar charts, color, tables, etc.--
11765WebUI Color/Theme changes (Dark mode)already possible with some browser extensions (or maybe even directly in the browser) by modifying the css-
12264Reporting based on HIP match failures, specially which failed items--
12783Log E-Mail links forwarded to Wildfire--

 

So far I found a few and I'll try to update this topic regularly. If you also know about existing requests, please write them here.

 

Regards,

Remo

L7 Applicator

Re: Feature Request List

Hello @vsys_remo,

I agree, it would be nice if PAN made them public so we could vote on them?

 

Cheers!

 

 

L7 Applicator

Re: Feature Request List

@OtakarKlier,

From what I've seen from my SE, it appears to be a pretty clunky system; likely one of the reasons that Palo has chosen to keep it away form the public. 

L7 Applicator

Re: Feature Request List

I think there are also other and probably even financial reasons why this list isn't public. This list completely public may cause wrong expectations as there is absolutely no guearantee that anything on that list will be implemented. And even when PaloAlto decides to implement a feature from that list - the first time this information becomes public is when a new PAN-OS is released. So even when you created a feature request you won't be notified when the decision is made for the implementation. And the financial reason might be something that it could prevent new deals because customers see that list, pick some IDs and then decides to wait for buying that product until this feature is included.

Yes, personally it would be cool to see that list but not really more. And from a conpany view I am sure this list will never be public.

With this post I simply tried to summarize the information that already made it to the public.

L7 Applicator

Re: Feature Request List

Addes FR ID 9195 - OCSP stapling support for inbound decryption

L7 Applicator

Re: Feature Request List

Addes FR ID 9285 - Custom configurable MFA integration

L7 Applicator

Re: Feature Request List

Added FR ID 986 - Custom Reports for System logs

Added FR ID 9113 - Integrated addressobjects for well-known cloud services

L6 Presenter

Re: Feature Request List

@vsys_remo


@vsys_remo wrote:

Added FR ID 986 - Custom Reports for System logs

Added FR ID 9113 - Integrated addressobjects for well-known cloud services


I'll be adding my company to these FRs.  Especially considering support for global protect pretty much hinges on System logs.

L7 Applicator

Re: Feature Request List

@Brandon_Wertz

For 986 I will also add at least 5 companies ;)

The only reason I haven't done this since I know about this FR is that I was thinking about placing a new FR for a completely new Global Protect log category. What do you think?

L6 Presenter

Re: Feature Request List

I woudl agree 100%.  Maybe even a ACC dashboard item?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!