Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-16-2011 03:56 PM
Hi, will like to understand the oppinion from the PAN community about the features that are still missing or needs to be improved.
Will appreciate if you can specify by functionality like :
FIREWALL
Must Have : A,B,C
Nice to Have : D,E,F
Thks
Mario
09-22-2013 07:07 AM
gfowler Also it appears that another fast open source log management project, ELSA (Enterprise Search and Log Archive), has support for PA as well.
09-22-2013 04:12 PM
egearhart wrote:
darren.g Java and Javascript are two different things, just want to point that out. Although trusting a browser client's Javascript interpreter to verify firewall policy is a rather cray idea, I agree.
Java/Javascript - they're both prone to security holes (albeit of different types), and I wouldn't trust any device which offloads processing to either option for security.
09-23-2013 10:19 PM
On the other hand this is already happening today since you use a webbrowser to configure the security rules in the PA.
The same malware that could screw up clientbased compile could at the same time hide rules from being seen in your browser - rules that opens a hole through your firewall for the malware to act upon.
09-24-2013 07:44 AM
- Ability to deploy and update User-ID Agent from the Firewall UI/Panorama. This would make life much easier in large environments
- Abilty to run scheduled commands (cron ?), such as a system reboot directly on the Firewall
- Ability to run local backups on the FW and export via ftp/tftp/scp/smb (this is an old one...)
- Improve FW UI in a way to allow creation of Rule Sections. Now the rulebase is quickly becoming very confusing. Look at the Migration Tool, that's how It's done (Thanks Albert 🙂
- Ability to analyze MS Office files and pdf's in Wildfire
- Integrated WAN acceleration Technology would be a killer 🙂
11-28-2013 12:08 AM
I agree 100% with this one:
- Improve FW UI in a way to allow creation of Rule Sections. Now the rulebase is quickly becoming very confusing. Look at the Migration Tool, that's how It's done (Thanks Albert 🙂
12-01-2013 09:51 AM
Would be nice if some official from PA could summarize this thread and comment on each and every suggestion what is in the pipe, what will be in the pipe and what will be discarded due to hardware/political limitations.
11-16-2021 05:35 AM
Let´s Encrypt integration in PANOS and PANORAMA would be very helpful.
As an Example for the global protect portal and gateway function or ssl inspection functions.
02-28-2022 12:16 PM
FIREWALL
Must Have : OSPFv2 RFC5709 Support (SHA1&2 hash support for authentication).
Nice to Have : Improved logging for long duration connections, such as logging traffic every few hours instead of only when connection ends. The way it currently logs makes ACC much less useful since it shows all traffic from a months-long connection all at once.
02-28-2022 02:10 PM - edited 06-28-2024 10:32 AM
Here's one that LOTS of people want - the ability to select multiple objects from the list when adding objects to a policy rule. This can be done by adding the Browse button that already exists in Address Groups. The code already exists, and only needs to be applied to policy rules.
06-23-2022 10:15 AM - edited 05-16-2023 06:50 AM
Hi @mario.chancay ,
Thanks for asking! I don't know if you still look at this thread.
Must Have:
* Echo what @PANcake says below. Add a column on Monitor > Logs > Traffic for the matching NAT rule.
* Schedule software upgrade from Panorama.
Nice to Have:
* The ability to select multiple items at once from a drop down menu. For example, if I want multiple source addresses in a security policy rule, I currently have to click Add, select one, click Add, select one. etc.
* Change Link State to down for sub-interfaces.
* SSO for clientless VPN for the same SAML iDP. (I think the NGFW would have to intercept and store the iDP cookies.)
* Template variables for GlobalProtect interfaces (portal physical, gateway physical, and gateway tunnel).
If anyone is drive-by browsing and would like to see this feature, like this post!
Tom
05-14-2023 01:42 AM
In the Detailed Log View (when clicking magnifying glass on the log view) it would be great to be able to see which NAT policy rule was used for the session. You can see source and destination NAT addresses, but not which NAT rule the traffic hit.
05-15-2023 09:25 PM
I'd like a faster web interface in general. And much faster log viewing and reporting in particular. Especially in Panorama, it is painfully slow.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
