Experience with PANOS 6 so far ?

Reply
Highlighted
L1 Bithead

Re: Experience with PANOS 6 so far ?

Not yet :smileysad:

L4 Transporter

Re: Experience with PANOS 6 so far ?

is the problem already reported to PaloAlto Support?

Highlighted
L1 Bithead

Re: Experience with PANOS 6 so far ?

Dont think so. Havent found any article about it !

Highlighted
L4 Transporter

Re: Experience with PANOS 6 so far ?

Just created a ticket...lets wait.

Highlighted
L1 Bithead

Re: Experience with PANOS 6 so far ?

Great :smileyhappy:

Highlighted
Not applicable

Re: Experience with PANOS 6 so far ?

Try this as a work around until the bug is fixed:

Under Device > User Identification >Group Mapping Settings > Group Include List > Included Groups

If you have groups here, delete them all.

Commit and refresh/reset group mapping if needed.

Highlighted
L4 Transporter

Re: Experience with PANOS 6 so far ?

Had a remote session with PaloAlto Support.

They found out, that there is a problem/bug with the translation of the group names : Policy was entered the name "Domain\Group name" but the mapping has just the "cn= .... " format.

To "solve" the problem temporary, use the cn=.... format in the Policies.

A bug fix is the development.

Highlighted
L2 Linker

Re: Experience with PANOS 6 so far ?

check this link, other users experiment a data plane crashing in version 6.0.3

HA broken after upgrading to 6.0.3

Highlighted
L3 Networker

Re: Experience with PANOS 6 so far ?

what known bug is this?

Highlighted
L4 Transporter

Re: Experience with PANOS 6 so far ?

What I found during our update was the PAN-OS 6.0 upgrade was treating the groups like users. Once I went through an deleted the old group and re-added them I found the the configuration line was referencing the entire LDAP search string.

We didn't have that many groups in policy so it only took an hour or so to fix.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!