PA200 and PAN OS 8.0.5 is it a good idea?

L4 Transporter

PA200 and PAN OS 8.0.5 is it a good idea?

Hello

 

I got new PA200 as a RMA replacement so I have more time for upgrade.

 

Is it a good idea to do that? I keep always to wait at least  for X.0.5 since I upgraded one time to 6.0.0. and it was nightmare.

 

Is someone using 8.0.5 on PA200? or 8.0.4? What about commit time comparation to 7.1.x?

 

 

Regards

Slawek

L7 Applicator

Re: PA200 and PAN OS 8.0.5 is it a good idea?

I'm doing that today and will let you know. The only downside is that its my Lab unit and only 1 laptop via vwire of traffic through it.

L3 Networker

Re: PA200 and PAN OS 8.0.5 is it a good idea?

If you dynamically update your content (Apps, Threats, Anti-Virus), there is a bug in 8.0.3 - 8.0.5 in which they may or may not automatically update correctly on your set schedule.   I only seem to experience this on my PA-200's.

 

From my case:

 

"After analyzing the logs, Engineering team was able to identify the root cause of the issue. You are hitting a bug: PAN-81100 which is fixed in our upcoming 8.0.6 software code.  Targeted release date for 8.0.6 code is 11/9/17"

 

-Matt

L4 Transporter

Re: PA200 and PAN OS 8.0.5 is it a good idea?

Hello

 

On PA200 I always experiences problem with automativ update AV/Threat .

This is really annoing. My PA200 doesnt pass heavy traffic but I see every week that AV updates are listed in install state.

I hope that on 8.0.6 this problem will be resolved...

 

 

Regards

SLawek

L3 Networker

Re: PA200 and PAN OS 8.0.5 is it a good idea?

AV/Threat has only been an issue since 8.0.x from what we have expereinced.  In 6.x to 7.1.x we never had an issue. YMMV.  I'm hoping that 8.0.6 fixes this issue as well.

 

-Matt

L4 Transporter

Re: PA200 and PAN OS 8.0.5 is it a good idea?

Hello

 

I upgraded to 8.0.5 but have problems with automativ AV definition update. Commit time is similat 7.x

L2 Linker

Re: PA200 and PAN OS 8.0.5 is it a good idea?

I have tested version 8.0.x in many spares PA200's not in production, what I've seen is that commit times and cpu usage of it is Higher compare with version 7.1.X even dough they only have one or two devices using the firewall, I would recomend to stay with version 7.1 works better on these models. 

L4 Transporter

Re: PA200 and PAN OS 8.0.5 is it a good idea?

Hello

 

Ifter I did upgrade I realised that BrightCloud filtering doesnt works. So I opened case and support found that this is problem with memory!!!

The problem with activation of BrightCloud is due to the fact that commit cannot successfully complete. This is due to the device running out of memory. Error seen: 

Error: pan_sys_system_int(pan_sys.c:563): fork() failed! errno=12

The cause of issue is that with PAN-OS 8.0., there was an increase in the memory footprint and since the PA-200 has low memory, the increase in memory footprint leads to memory depletion and hence affects tasks such as commits. 

At the moment, for PA-200, no workaround exists short of downgrading to 7.1.x.

This issue is tracked under PAN-81100 and the fix is targeted for 8.0.6. 

PA200 according to

show system resources

has Mem:   2506368k total, PA500 Mem:   1966696k total,

 

So Support advised me to revert back to 7.1.x code, but what about the future?

Is old models (PA200, PA500) will not able to has 8.0 code with reasonalbe commit time and usability?

 

Why PA doesn't allow us to upgrade memory modules? RAM is cheap lets complain about it?

Why PA doesn't exchange such devices after ie. 4-5 years of using it and paying for support and maitenance like others vendors do?

Why in PA 8.0 tech doc there isn't RED MARK - do NOT upgrade to 8.0 on PA200, there is only info that it could took from 30-60min. In my case it took 20min like usually.

 

I hope that someone from PaloAlto will read this topic

 

I'm really disappointed about PaloAlto

 

Regards

SLawek

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!