What is still missing or needs to be improved in PA Next Generation Firewalls?


L1 Bithead

Hi, I would like to understand the opinion of the PAN community about the features that are still missing or need to be improved.

I would appreciate it if you could specify by functionality, like:

FIREWALL

Must Have : A,B,C

Nice to Have : D,E,F

Thanks

Mario

82 REPLIES

L0 Member

Please consider allowing Address Objects in route statements for Global Protect.  Adding objects would make it much easier to clean up when something gets retired or changes to a new IP / CIDR.  For us this is particularly important for Global Protect VPN settings.

L1 Bithead

Hello Palo Alto Networks Community and Development Team,

 

As a big Palo Alto fan, I am advocating for an important feature enhancement in Palo Alto firewalls: the integration of NTP server capabilities. This addition would not only elevate the functionality of Palo Alto devices but also address crucial needs in network management and security. Here's a deeper dive into the specific advantages:

 

  1. Consolidation of Network Services: The integration of NTP server functionality into Palo Alto firewalls would streamline network services. This feature is common in many network devices and its absence in Palo Alto products is noticeable. By adding this, network infrastructure becomes more efficient, reducing both costs and the complexity of managing disparate systems.

  2. Critical for Troubleshooting and Security: Accurate and synchronized time-keeping is fundamental for network security, compliance, and performance analysis. It plays a pivotal role in event correlation, forensic investigations, and complying with regulatory standards. During network issues, having a local NTP server is invaluable for ensuring accurate time-stamping across all devices, which is crucial for effective troubleshooting and analysis. The lack of a local, reliable time source can significantly impede the resolution of network problems, especially in isolated or sensitive environments. And especially in case of problems (whether security, WAN or other) it is often very helpful to have an NTP server running locally.

  3. Essential for Remote or Small Sites: For smaller or remote locations without direct internet access, having a firewall with integrated NTP server capabilities is incredibly beneficial. It negates the need for a dedicated NTP server, simplifying network setup and management while ensuring essential time synchronization services are maintained. Although you offer small firewalls for precisely this purpose, you do not support this function, which is really useful for this purpose.

From a personal standpoint, I consider NTP server functionality as a fundamental protocol and an indispensable feature for any advanced network device. In my experience and judgment, I would assign it a ranking of 'A' - absolutely necessary. There are simply various scenarios in which this function would be very helpful. Especially as many other competitors offer this feature and it really is one of the basic functions. Its inclusion in Palo Alto firewalls would be a significant step forward in meeting the contemporary needs of network infrastructure, enhancing both the utility and security of the networks we manage.

Thank you for considering this enhancement.

 

Best regards,
Kai

Cyber Elite

Hi @Kai_Ulrich ,

 

Great write-up!  Submit a feature request to your PANW AM or SE; get an FRID; and I will vote for it.  https://live.paloaltonetworks.com/t5/community-blogs/how-to-use-palo-alto-networks-new-feature-reque...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L0 Member

Panorama

Nice to Have: An API call on Panorama to display HA, Device-Group, Hostname and Serial Number. Currently one needs to use 2 API calls to achieve this goal. The Panorama UI has the option to display the Device-Group on the device summary.

 

<show><devices><all></all></devices></show>
<show><devicegroups></devicegroups></show>
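
The two Panorama op commands quoted in the post above can be joined client-side on serial number, shown here as an added example that is not part of the original thread or Palo Alto Networks code. The sample responses are constructed and their element layout is an assumption; `device_inventory` and `result_of` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses (not captured from a real Panorama). The element
# layout is an assumption about what the two op commands return.
SHOW_DEVICES_ALL = """<response status="success"><result><devices>
  <entry name="001122334455"><serial>001122334455</serial>
    <hostname>fw-edge-a</hostname><ha><state>active</state></ha></entry>
  <entry name="001122334466"><serial>001122334466</serial>
    <hostname>fw-edge-b</hostname><ha><state>passive</state></ha></entry>
  <entry name="001122334477"><serial>001122334477</serial>
    <hostname>fw-lab</hostname></entry>
</devices></result></response>"""

SHOW_DEVICEGROUPS = """<response status="success"><result><devicegroups>
  <entry name="DG-Edge"><devices>
    <entry name="001122334455"/><entry name="001122334466"/>
  </devices></entry>
</devicegroups></result></response>"""


def result_of(xml_text):
    """Return the <result> element, refusing non-success API responses."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    return root.find("result")


def device_inventory(devices_xml, groups_xml):
    """Join both responses on serial number into one row per firewall."""
    group_of = {}
    for dg in result_of(groups_xml).iterfind("devicegroups/entry"):
        for dev in dg.iterfind("devices/entry"):
            group_of[dev.get("name")] = dg.get("name")
    rows = []
    for dev in result_of(devices_xml).iterfind("devices/entry"):
        serial = dev.findtext("serial") or dev.get("name")
        rows.append({
            "serial": serial,
            "hostname": dev.findtext("hostname", default=""),
            # Standalone firewalls carry no <ha> element in this sample.
            "ha_state": dev.findtext("ha/state", default="standalone"),
            # None flags a managed device that sits in no device group.
            "device_group": group_of.get(serial),
        })
    return rows


if __name__ == "__main__":
    for row in device_inventory(SHOW_DEVICES_ALL, SHOW_DEVICEGROUPS):
        print(row)
```

A row whose `device_group` is `None` is worth reviewing, since that firewall receives no device-group policy from Panorama.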

It has now been over a year ... what about the local NTP server on PANOS? Either I can't find it in the GUI or it still doesn't exist.
Is there any news about this? I mean every open-source router can do this - and with you I need an additional system?

Surprising that Palo is not an NTP server... just moved our core routing to Palo and was shocked to learn this... have to re-configure a lot of devices, because (of course) our old core routers were NTP servers also

Community Team Member

Hi @MikeGill ,

 

A PA-firewall cannot act as a direct NTP server itself.
However, you can configure it to function as an NTP proxy or relay server by utilizing NAT rules to redirect NTP queries to an external NTP server.

I looked for an internal article at PANW but couldn't find one ... Network Tech Guy however put it together nicely in this external article:

https://www.networktechguy.com/how-to-configure-pa-fw-as-ntp-proxy/

 

I do agree this is a missing feature, so please reach out to your local SE and have them add your vote to the feature request to give it extra weight.

 

Kind regards,

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L1 Bithead

Policies:
Hard to see why traffic was allowed/blocked in one view.

Panorama:
Object reuse and hierarchy can get messy

No easy way to view overlapping or shadowed rules

Global Protect:
User side troubleshooting - complex/manual

Needs built-in self-diagnostic tools
