Pan-os 8.0 Release Notes
Palo Alto 8.1 Release Date
This week's Discussion of the Week is not going to be on a single topic, but rather talk about URL filtering with PAN-OS 8.0. I noticed a couple of articles this week that were talking about URL filtering with PAN-OS 8.0 and there seems to be some confusion about some new features or defaut settings, so I wanted to take time to talk about all this here.I will try to cover a couple of points here, consider this a mini FAQ for a couple of items in PAN-OS 8.0 URL filtering.My URL filtering logs are not showing up properly.I have seen this question a couple of times since PAN-OS 8.0 was released. This is a misconception from a lot of users who are wanting to run reports or just simply see all of the URL traffic in the URL traffic logs.Per the PAN-OS 8.0 admin guide located here:the guide states 'Allowed (URL) traffic is not logged.' Excerpt from the Admin guide where it shows that allowed traffic is not logged.Now this can be confusing, because you want to see what the URL categories are for the traffic, don't you?Well, yes and no. Yes, it would be beneficial at times to see, but please bear in mind that this is ALL of your internet traffic. Rather the URL information is only logged for alert of blocked traffic (if configured).Note: If you are wanting to also see HTTPS decrypted traffic, you will have to apply a decryption policy on the forward proxy.In PAN-OS 8.0 there are now 2 categories inside the URL Filtering profile where there was only 1 before.If you are not familiar with PAN-OS 8.0 URL filtering, for each URL category, you have ' Site Access' and ' User Credential Submissions'.
Pan Os Release Notes
This PAN-OS® 8.0.6-h3 release includes fixes for fourimportant issues, including the fix that enables all Palo Alto Networks® customersrunning a PAN-OS 8.0 release to immediately protect their networksfrom the post-authentication command injection vulnerability coveredin CVE-2017-15940 (;see for more details). Notethat the security advisory originally misstated that this vulnerabilityissue (PAN-81892) was addressed in the PAN-OS 8.0.6 release. Wehave updated the security advisory with the correct information.We strongly recommend that you upgrade to PAN-OS 8.0.6-h3 or a laterrelease to fix the vulnerability reported in CVE-2017-15940.