04-07-2018 02:00 PM - last edited on 10-07-2020 08:08 AM by BPry
Hi community
In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the Palo Alto Feature Request list isn't available to the public, but in a lot of these existing topics feature request IDs (FR ID) are mentioned. Even knowing that PAN-OS is already a feature-rich firewall operating system, there is always room for improvement, so I thought it might be helpful for others (and myself) to collect these existing publicly available FR IDs and summarize them in one topic.
ID | Description | Additional Information/Workaround | Implemented in |
130 | Filter Logs by Address Groups | - | - |
204 | Automatic rollback to last "good" configuration | - | - |
241 | SMTP authentication in Email server profile | - | - |
339 | Add negate function to all security policy columns | | |
776 | Increase custom report limit beyond Top 500 | Also in FR ID 1636 and 1693 | - |
889 | Mac Address as match criteria in security policy | - | - |
913 | Preview response pages directly in the WebUI without having to download them | - | - |
919 | Support for ICAP (Internet Content Adaption Protocol) | - | - |
986 | Custom Reports for System logs | - | - |
1172 | Ignore usergroup from User-ID | - | - |
1225 | Participation of PA firewalls in Spanning Tree | - | - |
1370 | URL column length limit in Reports | - | - |
1696 | Include Interface IP in SNMP MIB | - | - |
2153 | Terminal Server Agent for Linux | - | - |
2287 | Different ACLs for https, snmp, ... | - | - |
2666 | VRRP Support for clusters between PA and other devices | - | - |
2924 | Obtain Global Protect IP from DHCP Server | - | - |
3051 | User Activity Report Enhancement (detailed web-browsing statistics including time spent) | - | - |
3060 | DHCPv6 client support | - | - |
3495 | Custom reports for system Logs | - | - |
3591 | /31 subnetmask support for HA1 link | - | - |
4035 | Dedicated Log category for Global Protect | - | - |
4443 | Support for USB modems (3G/4G/5G ...) | - | - |
4454 | Gray out policies with expired schedules | - | - |
4507 | Show current interface bandwidth in a dashboard widget and log over time. | - | Not a dashboard widget but throughput statistics and other device health metrics are implemented in PAN-OS 8.1 |
4603 | Concurrent GP VPN session limit per User | - | - |
4669 | Generate system log upon schedule end | - | - |
4670 | Proactive notification for policies with soon expiring schedules | - | - |
4788 | Block emails based on domains in "to", "cc" or "bcc", also log these in addition to only "to" and reply with smtp 541 when blocked | - | - |
4920 | Display SFP, SFP+ and QSFP serial number | - | - |
5000 | SCEP Server integrated in the firewall | - | - |
5078 | per-IP Traffic shaping | - | - |
5357 | Global Protect Agent Uninstall Password | - | - |
5612 | Automatically disable and remove policies with expired schedules | - | - |
5678 | Log the TLS version of websites and enable reporting about this | - | - |
5686 | DHCP Client Class-ID Setting | - | - |
5844 | BGP SNMP monitoring | - | - |
6186 | Log and report search keywords | - | - |
6548 | Customizable SMTP Response for Vulnerability Protection | - | - |
6609 | Add "Threat Email" to email subject when something malicious was detected and also log "cc" and "bcc" | - | - |
7365 | DHCPv6 Server support | - | - |
7654 | Support of DIPP with non-strict recognition by devices (Cisco ASA like) | - | - |
7832 | User-ID for Azure-AD authenticated users | - | - |
9113 | Integrated address objects for well-known cloud services | - | - |
9195 | OCSP stapling support for inbound decryption | - | - |
9285 | Custom configurable MFA integration | - | - |
9509 | DoH (DNS over HTTPS)/DoT (DNS over TLS) Support for DNS Sinkhole Feature | - | - |
9522 | App-ID for DoH (DNS over HTTPS) / DoT (DNS over TLS) | Custom App-ID for DoH | - |
9563 | Configurable Time when Global Protect Captive Portal Notification should be shown | Captive Portal Notification Delay | GlobalProtect 4.1 |
9958 | Azure Information Protection (AIP) Tag support for Data Filtering | Release Notes Content Version 8129 | PAN-OS 8.0 starting with Content Update 8129 |
10173 | Automatically open browser when Global Protect detects a Captive Portal and opens a configurable website | Automatically Launch Webpage in Default Browser Upon Captive Portal Detection | Global Protect 5.0.4 starting with Content Update 8181 |
10931 | Use logd disk space (33%) for elastic search in Panorama | Panorama disk space allocation | - |
11012 | Windows Server 2019 Support for User-ID Agent | - | User-ID Agent/PAN-OS 9.0.2 |
11153 | Completely remove Global Protect 4.0 Design out of Global Protect 5+ | - | - |
11211 | Forced Global Protect network rediscover after IP change | - | - |
11251 | Panorama High Availability: MFA using SAML (Okta) | - | - |
11524 | Use FIB for route monitoring instead of gateway of the route itself | - | - |
11763 | Include the username in the csv with the URL logs when running a user activity report | Download the logs directly from the URL logs | - |
11764 | Allow for more "User Activity Report" customization - pie charts, different bar charts, color, tables, etc. | - | - |
11765 | WebUI Color/Theme changes (Dark mode) | already possible with some browser extensions (or maybe even directly in the browser) by modifying the css | - |
12264 | Reporting based on HIP match failures, specially which failed items | - | - |
12783 | Log E-Mail links forwarded to Wildfire | - | - |
13046 | Support gMSA accounts for User-IP-Mappings | - | - |
13414 | Negate source User | - | - |
15246 | Import/Export ACC and Dashboard Widgets. | - | - |
So far I found a few and I'll try to update this topic regularly. If you also know about existing requests, please write them here.
Regards,
Remo
05-11-2020 06:08 AM
Commit Description -
Is it possible to send the commit description in the syslog like the audit comment?
This would be nice to be able to report on in Splunk.
Thanks
05-12-2020 07:36 AM
Another request -
Within Panorama---Managed Devices---Summary
You tag a device or groups of devices.
Is it possible to send that in the syslog to Splunk? Would be nice to report on that as well for certain compliance requirements, such as LEAP.
06-09-2020 06:33 AM - edited 06-09-2020 06:34 AM
Hi,
I would like to request the possibility to pull all AD groups under one OU. We're big on userID based firewall rules, and the AD groups are used for authorization. Currently, we need to specify manually one-by-one all AD groups that the firewall needs to retrieve user membership for. New groups get created daily.
If we could instead tell the firewall to retrieve user membership of all AD groups under a specific OU, it would save us from having to update the firewalls every time we create a new AD group.
06-09-2020 06:39 AM
You use the group filter for this.
Name all the groups with a similar name, like, app-palo-groupname, then in the filter, specify as the group include, cn=app-palo-* .
It works great.
06-09-2020 06:40 AM
The actual request needs to go through your SE so they can actually put it into the system. Once you have the FR number please add it here so that others can vote on it if they also want to see that feature.
06-09-2020 06:42 AM
Thanks a lot for the answer.
I assume you're referring to the filter under "custom group", is that correct? If so, wouldn't that bundle all users inside all the AD groups that start with cn=app-palo-* into one single group? I want to still keep the AD groups as single entities, but I don't want to update the firewall local config or the Panorama network/device template every time I create an AD group.
06-09-2020 06:56 AM
@BPry I found what you meant and it works very well, thanks a lot for the quick and accurate response.
07-07-2020 09:16 AM
Feature Requests need to be submitted through your SE. Once they have submitted or added your vote to an existing feature request, please let us know what the FR number is so that it can be added to this list.
08-18-2020 01:49 AM - edited 08-18-2020 01:49 AM
Here's another fun one:
FR 15246, to be able to customize ACC and Dashboard widgets for other users, so for a NOC environment or deploying new customers we can preload custom widgets to facilitate onboarding.
10-15-2020 11:08 AM
We would like to add the functionality of being able to do access control via MAC address.
Thanks!
10-15-2020 11:40 AM
As has been stated 1000 times here, creating a feature request is done through your SE. This is a place to share the ID, since you can also ask your SE to vote for other requests.
10-30-2020 05:41 AM
Hi,
Added 16178 Cortex Wildfire Score filter option.
Actually there is no option to filter or check the Wildfire verdict from the alert. You need to analyze the alert to check the verdict, so it would be useful to have a filter on the score. That way we can also filter the alert notifications to correctly exclude the false positives.
Regards.
11-03-2020 12:23 AM
3060 DHCPv6 client support.
Is this support for DHCPv6 Prefix-Delegation?
I've been requesting this for years, still puzzled why such a basic IPv6 feature is missing.
11-09-2020 07:44 PM
User-ID/IP Mapping currently tracks a single user, but what about boxes that have service accounts running services? I would love to see user-ID able to map the same up to multiple users on the same IP address just like the terminal server agent does.
Now if I am missing something let me know.