Feature Request List

L7 Applicator

Re: Feature Request List

Added FR ID 13046: Support gMSA Accounts for User-IP-Mappings

Description: Currently only standard windows Useraccounts can be identified by PaloAlto User-ID Agent. This capability should be extended to group managed service accounts as more and more of them will be used in windows environments. This way it remains possible to restrict access from servers to specific ressources so that the installed software is able to communicate but not an admin which might be able to log in to the specific server.

L0 Member

Re: Feature Request List


I have several feature request for Palo Alto firewalls:

  1. Implement VM information sources for Azure. Right now it works via Panorama Azure plugin. But why does not have it on firewall as well like being implemented for other cloud platform like AWS or GCP.
  2. Support telemetry type of monitoring along with SNMP.
  3. Support ECDHE_RSA with X25519 for TLS decryption
L7 Applicator

Re: Feature Request List


To create a new Feature Request you'll need to reach out to your SE to get them into the system. Once that's done and you have the FR numbers, post them here so people can add their votes to the FR. 

L1 Bithead

Re: Feature Request List

Please add FR ID: 13414

L7 Applicator

Re: Feature Request List

Added FR ID 13414: Negate source user

Thanks for sharing @SCarraway 

L1 Bithead

Re: Feature Request List

It would be nice to be able to associate an address group object with a IPsec VPN tunnel Proxy ID. It can be tedious to add multiple local subnets/addresses to local subnets/addresses per line in the configuration. Maybe incorporate tagging as well. It would make it easier/quicker to setup the static routes for the remote subnets as well and less chance of error (fat fingering) during the configuration.


I'll update this with the FR ID from my SE when I get it.

L2 Linker

Re: Feature Request List

It would be awesome to harden Android GlobalProtect when it's in Always-On mode. Despite that the admin can disable sign out, GP can be simply killed by the Android OS, or a user can simply remove the app from the phone, or kill the VPN in the settings. Yes, you can try to configure it on MDM, but it means a different ifrastructure, and, in most cases MDM will not help for BYOD devices.

Look how it's been done on Checkpoint Sandblast, or google maps or any other navigation system. It can't be killed by the os at any time or by another app. Or look how kaspersky implemented their antivirus solution. no way to get it removed without knowing the password. So why GP is so weak then ?

Another awesome feature would be if GP could detect from which android app the traffic is being sourced. For example if you watch youtube and use google play store, you can't differentiate the traffic, because in both cases they're using QUIC. You can't decrypt quic, disabling quic means you will make google play not working, so how can we, for example, enable google play, but disable watching youtube videos using youtube app. Or their google maps are also using quic.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!