New PAN-OS Version Updates¶
10.1 new features¶
Security profiles¶
Anti-spyware profile: New DNS Security Service malicious categories set to sinkhole
URL Filtering: Set new real-time url category to alert
Device configuration¶
packet buffer protection: set to allow (default)
10.0 new features¶
Security profiles¶
Antivirus profile: Wildfire ML dynamic classification to block all malicious file types
set all decoders to reset-both
set all file types to enabled
Anti-spyware profile: DNS Security Service malicious categories set to sinkhole
URL Filtering: realtime page analysis; block all engines types under Dynamic Classification
Device configuration¶
dynamic updates: set Wildfire schedule to ‘realtime’
Decryption profile¶
set protocol max version to TLSv1.3
Syntax changes¶
move packet cap xml element in spyware profile
remove url ‘block’ stand-alone entry
custom url categories
add ‘type’ value to allow config to commit
sinkhole IPv4 address uses FQDN instead of IP value
9.0 new features¶
Security profiles¶
new url categories (risk, new domain)
set new categories to alert
over time move to custom dual category blocks (eg. parked + high)
new pan cloud dns option in spyware profile
action = sinkhole with single packet capture
AV profile and http2
set http2 decoder same as http for each profile
Device settings¶
API key lifetime
Iniially set to a high value with configuration variable
Default in minutes –> 525,600 is 1 year
9.1 new features¶
Syntax changes¶
allow-http-range in device settings
8.1 new features¶
WF file sizes
new file type script, set to max 2000 file size [available in later releases]