
What’s New in PAN-OS 6.0
© 2014 Palo Alto Networks (PAN-OS 6.0) Page 3
Networking Features
Decryption Port Mirror—Provides the ability to create a copy of decrypted traffic from a firewall and send it to a traffic
collection tool that is capable of receiving raw packet captures—such as NetWitness or Solera—for archiving and
analysis. This feature is necessary for organizations that require comprehensive data capture for forensic and historical
purposes or data leak prevention (DLP) functionality. Note: Decryption port mirroring is available on the PA-5000 Series
and PA-3000 Series platforms only.
OSPFv3 Support—OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. OSPFv3 offers
similar structure and functionality to OSPFv2 (for IPv4). OSPFv3 and OSPFv2 can be run concurrently on the same
firewall in a dual-stack configuration.
OSPF Graceful Restart—Reduces the Active/Passive HA failover times by allowing OSPF neighbors to continue using
routes through a device during a short transition when it is out of service. This increases network stability by reducing
the network outage that is experienced when OSPF adjacencies are reestablished.
IKE PKI Certificate Authentication for IPSec Site-to-Site VPNs—With this release, authentication security has been
enhanced over previous releases, which supported only pre-shared-key authentication.
Increase Jumbo Frame Size—The maximum transmission unit (MTU) size has been increased to provide compatibility
with equipment from other vendors. The default MTU size for all Layer 3 interfaces (the Global MTU) is set to a value of
9192 bytes, but can be configured for any value in the range of 512 - 9216 bytes.
IPv6 Neighbor Discovery Table Capacity Increase—In previous versions of PAN-OS, the Neighbor Discovery (ND)
table was smaller than the ARP table for IPv4. With this release, the IPv6 ND table size has been increased to account
for larger IPv6 networks and the implementation of v4/v6 dual-stack configurations.
Consolidation of Timers Used in a High Availability (HA) Setup—To reduce the complexity in configuring HA timers
used to detect a firewall failure and trigger a failover, three profiles have been added:
o Recommended profile is for typical failover timer settings
o Aggressive profile is for faster failover timer settings
o Advanced profile allows you to customize the timer values to suit your network requirements.
The profiles auto-populate the optimum HA timer values for the specific firewall platform to enable a more rapid HA
deployment.
Enhanced Use for Address Objects—A Layer 3 interface on the firewall can now use an address object in lieu of an
IP address, which allows you to separate the object from its value/IP address. For Panorama, this new feature improves
scalability by allowing you to create a template that references an address object; the value for the address object can
either be defined locally on the firewall or it can be defined as a shared object or as a device group object on Panorama.
Panorama templates support address objects in the following locations:
o IP addresses for Layer 3 interfaces
o Virtual address of the Virtual IP address in an active/active HA setup
o Service routes
o NAT policy for source translation
o GlobalProtect portal and gateway IP addresses
o GlobalProtect satellite and site-to-site IP addresses
o IKE Gateway local address
o Multicast static and candidate RP addresses
o BGP peer group local addresses
o Hardware Security Module client IP addresses
Virtualization Features
Virtual Machine (VM) Monitoring Agent—This feature eliminates manual scripting from the previous release and
allows you to dynamically retrieve virtual machine IP address changes in your virtualized environment without making
configuration changes on the firewall.
The User-ID Windows agent and the firewall (agentless User-ID) can now be configured to proactively monitor the
following VM Sources: VMware ESX(i) server (4.1 and 5.0) and VMware vCenter. The Windows User-ID agent supports
up to 100 sources and the firewall supports up to 10 sources.