
12 • PAN-OS 6.1 Release Notes Palo Alto Networks
Features Introduced in PAN-OS 6.1 PAN-OS 6.1 Release Information
High Availability (HA) Features
The following high availability (HA) feature is introduced in PAN-OS 6.1.0:

| New High Availability Feature | Description |
| --- | --- |
| HA Session Sync During Upgrade from One Feature Release to the Next | Session syncing will now remain operable when upgrading HA peers from one PAN-OS feature release version to the next feature release version (for example, when upgrading the firewalls from PAN-OS 6.0.x to PAN-OS 6.1.x). Although session syncing has always been operable when upgrading from one maintenance release to another in the same feature release version (for example, during upgrade from PAN-OS 6.0.1 to PAN-OS 6.0.3), in prior releases it was inoperable when upgrading from one PAN-OS feature release to the next. This meant that if there was a failover during the period of time when the individual firewalls in the HA pair were running different feature release versions (for example, if one firewall was running 5.0.13 and the other one was running 6.0.3) sessions could have been impacted. |

Networking Features
The following Networking features are introduced in PAN-OS 6.1.0. For more details about these features and
for instructions on configuring them, refer to Networking Features in the New Features Guide.

| New Networking Feature | Description |
| --- | --- |
| NAT Enhancement for Session Load Balancing | On PA-5000 Series platforms, Static Source NAT, Dynamic IP NAT, and Destination NAT session processing has been enhanced to allow the firewall to use multiple CPUs to process NAT sessions, rather than anchoring the sessions to a CPU based on destination IP hash. This enhancement greatly improves throughput in these NAT scenarios, particularly in topologies that include a load balancer or other device that limits the number of destination IP addresses. This enhancement will occur automatically upon upgrade of the PA-5000 Series device. Note that Dynamic IP and Port NAT (DIPP) or Dynamic IP NAT sessions that fall back to DIPP will continue to be anchored to a specific CPU, based on the destination IP address (the target translated address). |
| NAT Capacity Enhancements | The maximum number of NAT rules (static, Dynamic IP, and Dynamic IP/Port) allowed for each platform has been increased and NAT statistics now include usage and memory information to provide efficient management of NAT rules. The Dynamic IP/Port oversubscription ratio can now be tuned to allow greater control in environments requiring more Dynamic IP and Dynamic IP/Port rules. These NAT capacity enhancements are supported on PA-3000 Series, PA-4000 Series, PA-5000 Series, and PA-7050 platforms. |
| LACP | You can now use the Link Aggregation Control Protocol (LACP) to dynamically detect the interfaces between interconnected devices (peers) and combine those interfaces into an aggregate group. Enabling LACP provides redundancy within an aggregate group: the protocol automatically detects interface failures and fails over to standby interfaces. LACP is supported on Layer 2, Layer 3, and HA3 interfaces only and is supported on PA-500, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 platforms. |