Hi, will like to understand the oppinion from the PAN community about the features that are still missing or needs to be improved.
Will appreciate if you can specify by functionality like :
Must Have : A,B,C
Nice to Have : D,E,F
Which properties are you missing ? in 4.11 you can hover over the red/green interface icon & it pops up the speed / duplex ?
Things I would like to see (I run 4.1.11h1 mostly):
- The ability to log implicit rules so I can get rid of the explicit block all at the end of my policy which causes it to generate a screen full of warnings - or add an option to turn off the generation of spurious warnings on commit.
- Port Panorama to HyperV for more deployment options. Panorama should be free IMHO.
- Improved logging for high profile events like a reboot so I dont have to guess why the box restarted.
- Better QC ; I would much rather have a slower release of new features & better testing to ensure that existing features are not broken.
- Allow me to customise the messages generated when dropping SMTP with a Data Filter rule. At the moment it sticks in something about Blocked by PaloAlto firewall which is undesirable.
- SSD upgrade options for all the older hardware so I dont have to replace everything to get rid of my 15 min commit time....
This should be an easy one. From the GUI, I should be able to get the properties of an Ethernet interface. The only way I know how to do that is via the CLI command show interface ...
What, you mean like this?
Shows the interface properties pretty well, from where I'm sitting.
*Horrible* idea. Java is about as secure as a broken padlock. Doing this would completely remove the use of the PAN device for security by opening it to god knows what kind of hacks.
I would definitely agree with the test GlobalProtect comment. There are so many bugs that the client it is virtually unusable with my staff. Compared to other solutions on the market, SonicWALL, Cisco, and CheckPoint are leaps and bounds ahead. GlobalProtect doesn't even compare or rank with these. There are times it takes it 30+ seconds to connect when CheckPoint takes less than 2. Sometimes users have to connect 10-15 times before it finally occurs. All we ever get it "open a support call" or "submit an enhancement." Typical response. It seems that Palo Alto doesn't put much effort into fixing the product. I would figure that an enterprise-class product would behave differently, especially for the price they charge! Simply get a competitors VPN product and PAN will see that theirs cannot keep up.
oschuler If the policy build could be pushed to the client in a secure way and then signed and pushed back to the PA appliance this would feasibly work. I don't know of a good way to do that without something like a Java applet though, which would make the PA admin implementation much "fatter" by requiring a Java applet
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!