bykiwi01-24-201803:08 AM - edited 02-20-201805:14 AM
It is always hard to stay on top of new software versions, and in some cases, you might not even want to upgrade to the freshest and latest releases until you know it's stable enough to perform the tasks necessary.
That said, I wouldn't recommend staying on a so-called stable version until it's no longer supported. In addition to no longer being supported, you'll be missing out on a lot of new features and functionalities provided by a newer PAN-OS version.
To put this into perspective, I'll discuss a topic from not too long ago that was covered right here on the Live Community. One of our users was experiencing a specific issue which resulted in some commit failures:
The discussion went on and got plenty of replies from other users trying to help out. From checking the job-IDs on both Panorama and the actual firewall experiencing the issue to checking the ms.log logfile for more details as to what might be causing the commit to fail. The log in question was showing some memory allocation issues causing the commit to fail:
Luckily, the user was using a supported version (PAN-OS 8.0.3)! However, the version was rather old (6 months old at the time of posting) and a few newer versions were already released in the meantime. In that case, it might be a good idea to check the release notes on some of the newer PAN-OS versions, and check for any issues that might be related to this behaviour.
Release notes can be found on our Support Portal @ https://support.paloaltonetworks.com/Support/Index . All you need to do to find them is log into the Support Portal using your Support Account and navigate to the Software Updates page as displayed below:
Some of the more recent release notes did have information on addressed issues that might be related to the topic at hand.
Sure enough, there's no guarantee that the upgrade will fix the behaviour, and you might want to check with TAC first in order to confirm wether you are hitting this exact same issue. Also, there might be a reason why you don't want to upgrade to the latest PAN-OS version and you are simply looking for a workaround until you are sure that an actual upgrade is safe.
Certainly with memory related issues, restarting a specific service might be a valid workaround for you. For other issues, further debugging or more creative solutions might offer a workaround. In such cases, I would recommend reaching out to TAC as they might have seen similar requests, or post your question right here on the Live Community discussion board where both users and Palo Alto Networks employees might have useful information for you!
As always, comments and questions are welcome in the comment section below!