Management Features
PAN-OS 8.0.5 introduces support for the Logging Service.
New Management Features: Description
Administrator-Level Commit and Revert: You can now commit, validate, preview, save, and revert changes that you made in a Panorama or firewall configuration independently of changes that other administrators have made. This simplifies your configuration workflow because you don't have to coordinate commits with other administrators when your changes are unrelated to theirs, or worry about reverting changes other administrators made that weren't ready.
NetFlow Support for PA-7000 Series Firewalls: PA-7000 Series firewalls now have the same ability as other Palo Alto Networks firewalls to export NetFlow records for IP traffic flows to a NetFlow collector. This gives you more comprehensive visibility into how users and devices are using network resources.
PA-7000 Series Firewall Log Forwarding to Panorama: You can now forward logs from PA-7000 Series firewalls to Panorama for improved log retention, which helps you meet regulatory requirements for your industry as well as your internal log archival requirements.
Selective Log Forwarding Based on Log Attributes: To enable your organization to process and respond to incident alerts more quickly, you can now create custom log forwarding filters based on any log attributes. Instead of forwarding logs based only on severity levels, you can forward just the information that various teams in your organization want to monitor or act on. For example, a security operations analyst who investigates malware incidents might be interested only in Threat logs with the type attribute set to wildfire-virus.
Action-Oriented Log Forwarding using HTTP: The firewall can now directly forward logs using HTTP/HTTPS so that you can trigger an automated action when a specific event occurs. This capability allows the firewall to integrate with external systems that provide an HTTP-based API. Combined with Selective Log Forwarding Based on Log Attributes, it lets you automate security workflows, apply dynamic policy, and respond to security incidents more efficiently.
- Trigger an action or a workflow on a third-party service that provides an HTTP-based API: The firewall can now send an HTTP request as an API call. You can select the HTTP method, and customize the header, request format, and payload to trigger an action. For example, on an HA failover event, the firewall can generate an HTTP request to an IT management service to automatically create an incident report with the details in the system log. This automated workflow can help the IT infrastructure team to easily track and follow up on the issue.
- Enable dynamic policy and enforcement: Tag the source or destination IP address in a log entry, register the tags to connected User-ID agents, and take action to enforce policy at every location on your network. For example, when a Threat log indicates that the firewall has detected malware, you can tag the source or destination IP address to quarantine the malware-infected device. Based on the tag, the IP address associated with the device becomes a member of a dynamic address group, and the Security policy rule in which the dynamic address group is referenced limits access to corporate resources until IT clears the device for use.
Extended SNMP Support: PAN-OS support for Simple Network Management Protocol (SNMP) now includes the following features:
- Logging statistics—Using SNMP to monitor logging statistics for firewalls and Log Collectors helps you plan improvements to your log collection architecture, evaluate the health of firewall and Panorama logging functions, and troubleshoot issues such as dropped logs. You can now monitor a broader range of logging statistics, including log rate, disk usage, retention periods, the forwarding status from individual firewalls to Panorama and external servers, and the status of firewall-to-Log Collector connections.
- HA2 statistics and traps—Monitoring SNMP statistics and traps for the interfaces that firewalls use for high availability (HA) synchronization helps you troubleshoot and verify the health of HA functions such as state changes. You can now use an SNMP manager to monitor the dedicated HA2 interfaces of firewalls, in addition to the HA1, HA2 backup, and HA3 interfaces.
Increased Storage on PA-7000 Series Firewall: To provide longer retention periods for logs on the PA-7000 Series firewall, you can now increase the log storage capacity to 4TB by installing 2TB disks in the two RAID disk pairs (formerly only 1TB disks were supported). For log storage beyond 4TB, you can enable PA-7000 Series Firewall Log Forwarding to Panorama, which supports up to 24TB for each M-500 appliance in the Collector Group.
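
The receiving side of Action-Oriented Log Forwarding using HTTP, as an added example that is not Palo Alto Networks code: a handler for the service the firewall calls, which authenticates the request, validates the payload, and re-checks the log attributes before acting. The header name, shared secret, JSON field names, and the `ha-failover` value are assumptions standing in for whatever header and payload format you configure on the firewall.

```python
import hmac
import ipaddress
import json

# Assumptions for this example (none of these names come from PAN-OS):
SHARED_SECRET = "constructed-example-secret"  # value placed in the custom header
TOKEN_HEADER = "X-Forwarder-Token"            # hypothetical custom header name

# Constructed sample payloads in an assumed JSON format.
SAMPLE_MALWARE = '{"log_type": "threat", "type": "wildfire-virus", "src": "10.1.2.3"}'
SAMPLE_FAILOVER = '{"log_type": "system", "type": "ha-failover", "description": "HA state change"}'


def handle_forwarded_log(headers, body):
    """Process one forwarded-log request; return (http_status, action_or_None)."""
    token = headers.get(TOKEN_HEADER, "")
    # Constant-time comparison: only the configured sender may trigger actions.
    if not hmac.compare_digest(token.encode(), SHARED_SECRET.encode()):
        return 401, None
    try:
        entry = json.loads(body)
        log_type, subtype = entry["log_type"], entry["type"]
    except (ValueError, KeyError, TypeError):
        return 400, None  # not JSON, not an object, or missing attributes
    # Re-check attributes even though the firewall filter already selected them.
    if (log_type, subtype) == ("system", "ha-failover"):
        summary = str(entry.get("description", ""))[:200]  # bound untrusted text
        return 200, {"action": "open_incident", "summary": summary}
    if (log_type, subtype) == ("threat", "wildfire-virus"):
        try:
            src = ipaddress.ip_address(str(entry.get("src", "")))
        except ValueError:
            return 400, None  # never act on something that is not an IP address
        return 200, {"action": "notify_malware_team", "ip": str(src)}
    return 204, None  # authenticated and well-formed, but not an event we act on


if __name__ == "__main__":
    good = {TOKEN_HEADER: SHARED_SECRET}
    print(handle_forwarded_log(good, SAMPLE_MALWARE))
    print(handle_forwarded_log(good, SAMPLE_FAILOVER))
    print(handle_forwarded_log({}, SAMPLE_MALWARE))
```

Serve the handler over HTTPS only, since the shared secret travels in a request header.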
