No idea what PAN did in version 7, but it seems that the QA process just isn't there. Unfortunately we made some changes with our policies in 7.0.3 and cannot easily revert back to 6.1.8. I am forced to fail over my FWs every morning and reboot just to keep the dataplane passing traffic. I hope this bug is addressed in 7.0.4 and also hope that staff from PAN is reading these posts as numerous people have this problem.
There is another GP-related bug on 7.0.3. When using domain names for LDAP instead of IPs, GP cannot resolve the domain name so you get a plethora of error messages in authd.log telling you the LDAP server is down. A workaround is to use a FQDN object, but even that is very temperamental; it'll work and then suddenly stop for no apparent reason. Kind of sucks as I purchased a 3rd party cert so that I could verify the SSL sessions for the LDAP servers and now I can't even do that.
Looks like a typical case of people at the top pushing for deadlines and overlooking quality which results in shabby work.
I have been on 7.04 since Dec 2015 and now 7.0.5h2 and thankfully the SSL decryption problems have been resolved. I would feel safe recommending 7.0.5h2.