Feature Request List

vsys_remo · ‎04-07-2018

Hi community

In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics feature request IDs (FR ID) are mentionned. Even knowing that PAN-OS is already a feature rich firewall operating system, there is always room for improvement, so I thought it might be helpful for others (and myself) to collect these existing public available FR IDs and summarize them in one topic.

ID	Description	Additional Information/Workaround	Implemented in
130	Filter Logs by Adress Groups	-	-
204	Automatic rollback to last "good" configuration	-	-
241	SMTP authentication in Email server profile	-	-
339	Add negate function to all security policy columns
776	increase custom report limit beyound Top 500	Also in FR ID 1636 and 1693	-
889	Mac Address as match criteria in security policy	-	-
913	Preview response pages directly in the WebUI without having to download them	-	-
919	Support for ICAP (Internet Content Adaption Protocol)	-	-
986	Custom Reports for System logs	-	-
1172	Ignore usergroup from User-ID	-	-
1225	Participation of PA firewalls in Spannin Tree	-	-
1370	URL column length limit in Reports	-	-
1696	Include Interface IP in SNMP MIB	-	-
2153	Terminal Server Agent for Linux	-	-
2287	Different ACLs for https, snmp, ...	-	-
2666	VRRP Support for clusters between PA and other devices	-	-
2924	Optain Global Protect IP from DHCP Server	-	-
3051	User Activity Report Enhancement (detailed web-browsing statistics including time spent)	-	-
3060	DHCPv6 client support	-	-
3495	Custom reports for system Logs	-	-
3591	/31 subnetmask support for HA1 link	-	-
4035	Dedicated Log category for Global Protect	-	-
4443	Support for USB modems (3G/4G/5G ...)	-	-
4454	gray out policies with expired schedules	-	-
4507	Show current interface bandwidth in a dashboard widget and log over time.	-	Not a dashboard widget but throughbut statistics and other device health metrics are implemented in PAN-OS 8.1
4603	Concurrent GP VPN session limit per User	-	-
4669	Generate system log upon schedule end	-	-
4670	Proactive notification for policies with soon expiring scheduled	-	-
4788	Block emails based on domains in "to", "cc" or "bcc", also log these in addition to only "to" and reply with smtp 541 when blocked	-	-
4920	Display SFP, SFP+ and QSFP serial number	-	-
5000	SCEP Server integrated in the firewall	-	-
5078	per-IP Traffic shaping	-	-
5357	Global Protect Agent Uninstall Password	-	-
5612	Automatically disable and remove policies with expired schedules	-	-
5678	Log the TLS version of websites and enable reporting about this	-	-
5686	DHCP Client Class-ID Setting	-	-
5844	BGP SNMP monitorings	-	-
6186	Log and report search keywords	-	-
6548	Customizable SMTP Response for Vulnerability Protection	-	-
6609	Add "Threat Email" to email subject when something malicious was detected and also log "cc" and "bcc"	-	-
7365	DHCPv6 Server support	-	-
7654	Support of DIPP with non-strict recognition by devices (Cisco ASA like)	-	-
7832	User-ID for Azure-AD authenticated users	-	-
9113	Integrated addressobjects for well-known cloud services	-	-
9195	OCSP stapling support for inbound decryption	-	-
9285	Custom configrable MFA integration	-	-
9509	DoH (DNS over HTTPS)/DoT (DNS over TLS) Support for DNS Sinkhole Feature	-	-
9522	App-ID for DoH (DNS over HTTPS) / DoT (DNS over TLS)	Custom App-ID for DoH	-
9563	Configurable Time when Global Protect Captive Portal Notification should be shown	Captive Portal Notification Delay	GlobalProtect 4.1
9958	Azure Information Protection (AIP) Tag support for Data Filtering	Release Notes Content Version 8129	PAN-OS 8.0 starting with Content Update 8129
10173	Automatically open browser when Global Protects a Captive Portal and opens a configurable website	Automatically Launch Webpage in Default Browser Upon Captive Portal Detection	Global Protect 5.0.4 starting with Content Update 8181
10931	use logd disk space (33%) for elasric search in Panorama	Panorama disk space allocation	-
11012	Windows Server 2019 Support for User-ID Agent	-	User-ID Agent/PAN-OS 9.0.2
11153	Completely remove Global Protect 4.0 Design out of Global Protect 5+	-	-
11211	Forced Global Protect network rediscover after IP change	-	-
11251	Panorama High Availability: MFA using SAML (Okta)	-	-
11524	Use FIB for route monitoring instead of gateway of the route itself	-	-
11763	Include the username in the csv with the URL logs when running a user activity report	Download thelogs directly from the URL logs	-
11764	Allow for more "User Activity Report" customization - pie charts, different bar charts, color, tables, etc.	-	-
11765	WebUI Color/Theme changes (Dark mode)	already possible with some browser extensions (or maybe even directly in the browser) by modifying the css	-
12264	Reporting based on HIP match failures, specially which failed items	-	-
12783	Log E-Mail links forwarded to Wildfire	-	-
13046	Support gMSA accounts for User-IP-Mappings	-	-
13414	Negate source User	-	-
15246	Import/Export ACC and Dashboard Widgets.	-	-

So far I found a few and I'll try to update this topic regularly. If you also know about existing requests, please write them here.

Regards,

Remo

JaviHernandez · ‎06-09-2020

Thanks a lot for the answer.

I assume you're referring to the filter under "custom group", is that correct? If so, wouldn't that bundle all users inside all the AD groups that start with cn=app-palo-* into one single group? I want to still keep the AD groups as single entities, but I don't want to update the firewall local config or the panorama network/device template every time i create an AD group.

JaviHernandez · ‎06-09-2020

@BPry I found what you meant and it works very good, thanks a lot for the quick and accurate response.

mkroell1 · ‎07-07-2020

I would like to have routing tables and routing neighbors monitorable by SNMP like other devices from Cisco, HP, Juniper. This is key for using Palo Alto devices as routers.

BPry · ‎07-07-2020

@mkroell1,

Feature Requests need to be submitted through your SE. Once they have submitted or added your vote to an existing feature request, please let us know what the FR number is so that it can be added to this list.

reaperPANgurus · ‎08-18-2020

here's another fun one

FR 15246 to be able to customize ACC and Dashboard widgets for other users so for a NOC environment or deploying new customers we can preload custom widgets to facilitate onboarding

Tom Piens
PANgurus

Joel.Garcia · ‎10-15-2020

We would like to add the functionality of being able to do access control via mac-address

Thanks!

hbalzac · ‎10-15-2020

As have been stated 1000 times here. Creating a feature requst is done to your se. This is a place to share the id. Since you can also ask your SE to vote for other requests.

JokinLete · ‎10-30-2020

Hi,

Added 16178 Cortex Wildfire Score filter option.

Actually there is no option to filter or check the Wildfire verdict from the alert. You need to analyze the alert to check the verdict, so it would be useful to have the filter of score. Like that we can also filter the alert notifications to exclude correctly the false positives.

Regards.

erikda · ‎11-03-2020

3060 DHCPv6 client support.

Is this support for DHCPv6 Prefix-Delegation?
I've been requesting this for years, still puzzled why such a basic IPv6 feature is missing.

bschaper · ‎11-09-2020

User-ID/IP Mapping currently tracks a single user, but what about boxes that have service accounts running services. I would love to see user-ID able to map the same up to multiple users on the same IP address just like the the terminal server agent does.

Now if I am missing something let me know.

Network Security

Cloud Security

Security Operations

Feature Request List

Feature Request List

Show your appreciation!