Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

What is still missing or needs to be improved in PA Next Generation Firewalls ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

What is still missing or needs to be improved in PA Next Generation Firewalls ?

L1 Bithead

Hi, will like to understand the oppinion from the PAN community about the features that are still missing or needs to be improved.

Will appreciate if you can specify by functionality like :

FIREWALL

Must Have : A,B,C

Nice to Have : D,E,F

Thks

Mario

78 REPLIES 78

L0 Member

Please consider allowing Address Objects in route statements for Global Protect.  Adding objects would make it much easier to clean up when something gets retired or changes to a new IP / CIDR.  For us this is particularly important for Global Protect VPN settings.

L1 Bithead

Hello Palo Alto Networks Community and Development Team,

 

as a big Palo Alto fan, I am advocating for an important feature enhancement in Palo Alto firewalls: the integration of NTP server capabilities. This addition would not only elevate the functionality of Palo Alto devices but also address crucial needs in network management and security. Here's a deeper dive into the specific advantages:

 

  1. Consolidation of Network Services: The integration of NTP server functionality into Palo Alto firewalls would streamline network services. This feature is common in many network devices and its absence in Palo Alto products is noticeable. By adding this, network infrastructure becomes more efficient, reducing both costs and the complexity of managing disparate systems.

  2. Critical for Troubleshooting and Security: Accurate and synchronized time-keeping is fundamental for network security, compliance, and performance analysis. It plays a pivotal role in event correlation, forensic investigations, and complying with regulatory standards. During network issues, having a local NTP server is invaluable for ensuring accurate time-stamping across all devices, which is crucial for effective troubleshooting and analysis. The lack of a local, reliable time source can significantly impede the resolution of network problems, especially in isolated or sensitive environments. And especially in case of problems (whether security, WAN or other) it is often very helpful to have an NTP server running locally.

  3. Essential for Remote or Small Sites: For smaller or remote locations without direct internet access, having a firewall with integrated NTP server capabilities is incredibly beneficial. It negates the need for a dedicated NTP server, simplifying network setup and management while ensuring essential time synchronization services are maintained. Although you offer small firewalls for precisely this purpose, you do not support this function, which is really useful for this purpose.

From a personal standpoint, I consider NTP server functionality as a fundamental protocol and an indispensable feature for any advanced network device. In my experience and judgment, I would assign it a ranking of 'A' - absolutely necessary. There are simply various scenarios in which this function would be very helpful. Especially as many other competitors offer this feature and it really is one of the basic functions. Its inclusion in Palo Alto firewalls would be a significant step forward in meeting the contemporary needs of network infrastructure, enhancing both the utility and security of the networks we manage.

Thank you for considering this enhancement.

 

Best regards,
Kai

Cyber Elite
Cyber Elite

Hi @Kai_Ulrich ,

 

Great write-up!  Submit a feature request to your PANW AM or SE; get an FRID; and I will vote for it.  https://live.paloaltonetworks.com/t5/community-blogs/how-to-use-palo-alto-networks-new-feature-reque...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L0 Member

Panorama

Nice to Have: An api call on Panorama to display HA, Device-Group, Hostname and Serial Number. Currently needs to use 2 api calls to achieve this goal. The Panorama UI has the option to display the Device-Group on the device summary.

 

<show><devices><all></all></devices></show>
<show><devicegroups></devicegroups></show>

  • 34510 Views
  • 78 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!