Must have: So important, I'm listing it before my numbered items below: TCPDUMP support. I miss this basic feature nearly every day since our switch to Palo Alto. The web-based set up of background packet filters across fw, rx, tx and drop profiles is so tedious, I die inside each time I'm forced to use it. I now tcpdump from our F5's far more often because it's easier to troubleshoot using this industry standard and well-understood tool.

Other must-haves:

1. Security policy rules should be numbered. Ridiculous that when you search by tag, you have no context for where in your policy the results lie. We have to use Tufin for this basic functionality.
2. Security policy rules should be groupable, like Checkpoint's SmartCentre. Wading through over 200 lines of near-identical looking rules is tedious and can lead to mistakes. Tagging is only a partial fix and rendered near-useless by the lack of rule numbers.
3. Better support for opening multiple windows on the admin interface. For some reason, you can't middle-click on admin tags (policy, monitor, network, etc) to open new windows to those views. So you have to copy the current URL, open a new tab, paste in your URL, wait for it to load, then click on the tab you want.
4. Monitor filters should be easier to use (to create, and to apply after creation), more visible in the GUI and shareable between admins. The monitor tab should remember its last view automatically so you don't have to keep creating the filter, or copy/pasting the filter line.
5. Customisable user activity reports that don't cut off after 3 days of activity. Group support for user activity reports too - tedious having to re-run the same report for a whole team.
6. Better DLP support. We've been recently stung by the fact that you can't specify REGEX for data filters unless your REGEX has at least 7 characters of immutable text. I guess it's performance related, but undermines the DLP engine's usefulness.

There are almost too many Nice To Have's to list, it's overwhelming. Right click support on the policy editor would be good, so that I can choose to drill into an object from the policy page instead of having to copy the name, jump to the Object tab and search. A breadcrumb list in the ACC so that, having drilled in, I can step back out without losing the entire search. A threat log that I can actually search by "Name" (the entry is missing for some reason). Event types for the System Log so that I can filter by, say, "VPN related events".