a feature request goes into a big bucket of hundreds of feature requests, every so often the counsel of elders (the engineering team) get together to decide which features they'll want to introduce into a new upcoming major release and then start working on the code.
In the end some features get added, others get delayed, but up to the point the Beta gets release there's really no way to see which feature requests are going to make the cut
Please allow the use of special characters on user names (Like space, dot, @)
We have integrated the Paloalto with AzureAD, and would like to use the email accounts as users on the PaloAlto.
1) allow option "negate" for source and destination zones
Our infrastructure uses many trusted-internal zones (corp) and few untrusted-external zone (internet).
For each request to ALLOW traffic to all corp and BLOCK traffic to internet we have to use :
- Policy 1 > zone external block
- Policy 2 > zone any allow app1 app2 app3
- Policy 3 > zone any allow portA portB portC
We would like the option to simply implement :
- Policy X > negate zone external allow app1 app2 app3
- Policy Y > negate zone external allow portA portB portC
2) allow the creation of groups of zones / zone bundling
We would like the option to create :
- Zone Group 1 : includes all untrusted-external zones
- Zone Group 2 : includes all trusted-internal zones
They could then be used in policies :
- Policy 1 > destination Zone Group 1 block
- Policy 2 > destination Zone Group 2 allow
Commit Description -
Is it possible to send the commit description in the syslog like the audit comment?
This would be nice to be able to report on in Splunk.
Another request -
Within Panorama---Managed Devices---Summary
You tag a device or groups of devices.
Is it possible to send that in the syslog to Splunk? Would be nice to report on that as well for certain compliance requirements, such as LEAP.
I would like to request the possibility to pull all AD groups under one OU. We're big on userID based firewall rules, and the AD groups are used for authorization. Currently, we need to specify manually one-by-one all AD groups that the firewall need to retrieve user membership. New groups get created daily.
If we could specify instead the firewall to retrieve user membership of all AD groups under a specific OU, it would avoid us to update the firewalls every time we create a new AD group.
You use the group filter for this.
Name all the groups with a similar name, like, app-palo-groupname, then in the filter, specify as the group include, cn=app-palo-* .
It works great.
The actual request needs to go through your SE so they can actually put it into the system. Once you have the FR number please add it here so that others can vote on it if they also want to see that feature.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!