topic Re: Running 11.1.2 in production in Next-Generation Firewall Discussions

Running 11.1.2 in production

SomeSuch — Fri, 29 Mar 2024 10:15:35 GMT

Hi everyone

I read that 11.1.2 is now the preferred release for 34xx, and desiring to upgrade due to some of the new features, I find myself concerned about this known issue:

PAN-224763 - A TDB engine version mismatch issue affecting all firewalls, which in turn produces heartbeat failures, can cause the firewall to crash when installing content updates.

It reads like "when you upgrade TBD engine, expect a heartbeat failure and crash.

Is that the case? Or is it something that you can account for and work around?

Anyone running 11.1.2 (or -h1) in prod that who can give some feedback?

Re: Running 11.1.2 in production

MHabeger — Wed, 10 Apr 2024 17:38:05 GMT

I was also ready to update but read the known issues and got hung up on this same one. Sounds like a show stopper to me.

Re: Running 11.1.2 in production

KKnowles1 — Mon, 15 Apr 2024 04:31:02 GMT

I as well am considering upgrading to 11.1 but am very concerned about this issue. I too would love to hear from anyone running the latest 11.1.2-h3 that has the CVE-2024-3400 fix as to their experience, or from an engineer as to what this actually means and what the likelihood of impact is. Being as the preferred release is seemingly affected by this I would think the likelihood is very small but I have been wrong before.