on 07-11-2019 07:59 AM - edited on 07-29-2019 09:12 AM by Retired Member
New Feature
Details: This feature tracks how often traffic matches the policy rules you configured on the firewall and identifies inactive rules. When enabled, you can view the Hit Count of total traffic matches against each rule, along with its First Hit and Last Hit.
New Feature
Details: Set the API key lifetime to protect against compromise and to reduce the effects of accidental exposure. To ensure that your keys are rotated frequently and that each key is unique when regenerated, you must specify a validity period between 1 and 525,600 minutes. Refer to your enterprise's Audit and Compliance policies to determine how long your API keys should remain valid.
New Feature
Details: Using the Windows Remote Management (WinRM) protocol greatly improves the speed, efficiency, and security when monitoring server events to map usernames to IP addresses. Leverage one of the WinRM protocols to monitor Active Directory Windows Servers 2008 or Microsoft Exchange Servers 2008 or later.
New Feature
Details: Set a limit on how fast the firewall refreshes FQDNs that it receives from a DNS. This check ensures the FQDN is not outdated by setting the refresh interval to the default of 30 seconds.
New Feature
Details: Configure Keep-Alive on the GRE Tunnel to ensure stability and monitoring of tunnel activity.
New Feature
Details: The best practice is to create tunnel zones for your tunnel traffic. The firewall then creates separate sessions for tunneled and non-tunneled packets that have the same five-tuple (source IP address and port, destination IP address and port, and protocol). This lets you inspect traffic at Layer 7 for Applications, Threat, and URL filtering, and apply granular policy conditions to permit just the right traffic.
New Feature
Details: To simplify User-ID source configuration if you have multiple virtual systems, you can now share user mappings across virtual systems. To share User-ID IP address-to-username mappings, choose a virtual system to use as a User-ID hub that collects and stores the mappings in a centralized table that is accessible by all the virtual systems. This avoids retaining the same user IP addresses multiple times on the firewall, once for each vsys. It also helps increase the User-ID limit on the device, because the same names are not retained multiple times.
Enhancement
Details: The best practice file size limit for each file type has changed for PAN-OS version 9.0. We have updated the checks with new file sizes as per best practices for PAN-OS 9.0.