Feature Request List


Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

L7 Applicator

hi @mark.linzell 


a feature request goes into a big bucket of hundreds of feature requests, every so often the counsel of elders (the engineering team) get together to decide which features they'll want to introduce into a new upcoming major release and then start working on the code.


In the end some features get added, others get delayed, but up to the point the Beta gets release there's really no way to see which feature requests are going to make the cut

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
L0 Member

Cheers @reaper just wanted to make sure it was still active somewhere or if it had be closed

L2 Linker

Simple request, but in Panorama, Managed Devices -> Summary could we color code the "Device State" maybe black for connected and red for disconnected?

L0 Member

Please allow the use of special characters on user names (Like space, dot, @)

We have integrated the Paloalto with AzureAD, and would like to use the email accounts as users on the PaloAlto.

L0 Member

1) allow option "negate" for source and destination zones

Our infrastructure uses many trusted-internal zones (corp) and few untrusted-external zone (internet).

For each request to ALLOW traffic to all corp and BLOCK traffic to internet we have to use :

- Policy 1 > zone external block

- Policy 2 > zone any allow app1 app2 app3

- Policy 3 > zone any allow portA portB portC


We would like the option to simply implement :

- Policy X > negate zone external allow app1 app2 app3

- Policy Y > negate zone external allow portA portB portC




2) allow the creation of groups of zones / zone bundling

We would like the option to create :

- Zone Group 1 : includes all untrusted-external zones

- Zone Group 2 : includes all trusted-internal zones


They could then be used in policies :

- Policy 1 > destination Zone Group 1 block

- Policy 2 > destination Zone Group 2 allow

L1 Bithead

Commit Description - 


Is it possible to send the commit description in the syslog like the audit comment?

This would be nice to be able to report on in Splunk.





L1 Bithead

Another request - 


Within Panorama---Managed Devices---Summary


You tag a device or groups of devices.


Is it possible to send that in the syslog to Splunk? Would be nice to report on that as well for certain compliance requirements, such as LEAP.

L1 Bithead



I would like to request the possibility to pull all AD groups under one OU. We're big on userID based firewall rules, and the AD groups are used for authorization. Currently, we need to specify manually one-by-one all AD groups that the firewall need to retrieve user membership. New groups get created daily. 


If we could specify instead the firewall to retrieve user membership of all AD groups under a specific OU, it would avoid us to update the firewalls every time we create a new AD group.

L1 Bithead

You use the group filter for this.


Name all the groups with a similar name, like, app-palo-groupname, then in the filter, specify as the group include, cn=app-palo-* .


It works great.


Cyber Elite


The actual request needs to go through your SE so they can actually put it into the system. Once you have the FR number please add it here so that others can vote on it if they also want to see that feature. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!