Feature Request List

Reply
Highlighted
L7 Applicator

Re: Feature Request List

Added FR ID 13046: Support gMSA Accounts for User-IP-Mappings

Description: Currently only standard windows Useraccounts can be identified by PaloAlto User-ID Agent. This capability should be extended to group managed service accounts as more and more of them will be used in windows environments. This way it remains possible to restrict access from servers to specific ressources so that the installed software is able to communicate but not an admin which might be able to log in to the specific server.

Highlighted
L0 Member

Re: Feature Request List

Hi.

I have several feature request for Palo Alto firewalls:

  1. Implement VM information sources for Azure. Right now it works via Panorama Azure plugin. But why does not have it on firewall as well like being implemented for other cloud platform like AWS or GCP.
  2. Support telemetry type of monitoring along with SNMP.
  3. Support ECDHE_RSA with X25519 for TLS decryption
Highlighted
L7 Applicator

Re: Feature Request List

@duclenoc,

To create a new Feature Request you'll need to reach out to your SE to get them into the system. Once that's done and you have the FR numbers, post them here so people can add their votes to the FR. 

Highlighted
L1 Bithead

Re: Feature Request List

Please add FR ID: 13414

Highlighted
L7 Applicator

Re: Feature Request List

Added FR ID 13414: Negate source user

Thanks for sharing @SCarraway 

Highlighted
L1 Bithead

Re: Feature Request List

It would be nice to be able to associate an address group object with a IPsec VPN tunnel Proxy ID. It can be tedious to add multiple local subnets/addresses to local subnets/addresses per line in the configuration. Maybe incorporate tagging as well. It would make it easier/quicker to setup the static routes for the remote subnets as well and less chance of error (fat fingering) during the configuration.

 

I'll update this with the FR ID from my SE when I get it.

L2 Linker

Re: Feature Request List

It would be awesome to harden Android GlobalProtect when it's in Always-On mode. Despite that the admin can disable sign out, GP can be simply killed by the Android OS, or a user can simply remove the app from the phone, or kill the VPN in the settings. Yes, you can try to configure it on MDM, but it means a different ifrastructure, and, in most cases MDM will not help for BYOD devices.

Look how it's been done on Checkpoint Sandblast, or google maps or any other navigation system. It can't be killed by the os at any time or by another app. Or look how kaspersky implemented their antivirus solution. no way to get it removed without knowing the password. So why GP is so weak then ?

Another awesome feature would be if GP could detect from which android app the traffic is being sourced. For example if you watch youtube and use google play store, you can't differentiate the traffic, because in both cases they're using QUIC. You can't decrypt quic, disabling quic means you will make google play not working, so how can we, for example, enable google play, but disable watching youtube videos using youtube app. Or their google maps are also using quic.

Highlighted
L0 Member

Re: Feature Request List

Hello Palo Alto teams !

 

I would like to raise a feature request here for Global Protect;

Thanks to version 9.0, we're now able to have Global Protect DNS configuration assignment based on user group.

Unfortunately, it's a "hard settings" and it cannot change according to which gateway we push those settings from Panorama. Yet, the Panorama already have the capability of using "Variables" which change the setting according to which gateway we push the configuration. Everything is already there to make it work, I'm sure it's not a big work.

 

We would like as new feature, the possibility to use Panorama variables on the Global Protect DNS assignment based on user group.

 

We have an ASPAC & EMEA GP gateway which share the same gateway settings, so our users can't get a local DNS according to which gateway they connect.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!