PAN-OS 8.1.3 in production environment?

Reply
Highlighted
L3 Networker

PAN-OS 8.1.3 in production environment?

Anyone running 8.1.3 in prod? I have a change window to upgrade this weekend from 8.0.3 to 8.1.x as we wish to make use of the split tunnel by URL feature in GP, but reddit has filled me with some horror stories
L5 Sessionator

Re: PAN-OS 8.1.3 in production environment?

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.

L6 Presenter

Re: PAN-OS 8.1.3 in production environment?

I would highly advise against putting 8.1 into production.  You'll likely run into more problems than the benefit you'll get from the GP/split-tunneling piece.

L6 Presenter

Re: PAN-OS 8.1.3 in production environment?


@LukeBullimore wrote:

Hey @welly_59

 

No 8.1 release has been cleared as recommended by TAC, so if you can forgo the split tunnel feature for a little while longer I would not recommend upgrading as of yet.

 

Likely the next 8.1 release looking to be "recommended" will be PAN-OS 8.1.4.

 

Cheers,

Luke.


I'm not even sure 8.1.4 is going to be a "recommended" it'll be better than 8.1.3 < for sure, but from what I'm hearing you'll want to be on at least 8.1.5 before deploying 8.1 in your production environments.  

 

We've got a 3220 HA pair that we broke.  Hit a bug that was supposedly fixed in 8.1.3 (that's going to be "refixed in 8.1.4) and also hit a separate bug that's planned to be fixed in 8.1.5.

L3 Networker

Re: PAN-OS 8.1.3 in production environment?

Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK
L6 Presenter

Re: PAN-OS 8.1.3 in production environment?


@welly_59 wrote:
Wow really that bad? I’m guessing my current 8.0.3 build is buggy as well?

Is there an eta on 8.1.4?

If I can give a timescale then I can probably push back to management, and just update to last 8.0.x release while I wait for TAC to advise.

The issue we have is that some users in Sweden need split tunnel by URL as some finance apps are blocked by geo-location. Our devices are in the UK

huh? 8.0.3?  I hope you're not running 8.0.3...What platform?  

 

if you're running 8.0 code your best best, and current TAC recommended, is to run 8.0.12.  At a minimum you should be running  8.0.8.

 

The 8.1.4 release got pushed back a week.  it was supposed to be this week, but again I'd wait until at least 8.1.5

 

8.1.5 should be about 6 weeks after 8.1.4 is pushed out.

L3 Networker

Re: PAN-OS 8.1.3 in production environment?

Yes 8.0.3 on a pair of 850s in HA.

I’ve only been responsible for these devices the last few months, and they haven’t been updated for a while.

Any well known bugs in 8.0.3 I could have been hitting?
L7 Applicator

Re: PAN-OS 8.1.3 in production environment?

Hello,

They are up to code release 8.0.13 so you might want to read the release notes as there were a lot of fixes and vulnerabilities patches since 8.0.3.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!