PAN-OS 9.0 Released - Stop and Think

L4 Transporter

Re: PAN-OS 9.0 Released - Stop and Think

Wow our 5250s can do 30,000 tunnels.  Do we know what the GRE througput performance looks like?  I know IPSec and GlobalProtect SSL tunnels have limited max bandwitdh but I've always heard GRE has the potential to be closer to standard network speeds.

 

That's kind of disappointing on the Unique Policy ID but the audit history is still really cool.

 

*edit* I just downloaded GP 5.0 64-bit for Windows.  It's a completely different interface than the 4.x client!  Definitely will play around with it.  Can't wait for the Android version.

L7 Applicator

Re: PAN-OS 9.0 Released - Stop and Think


@jsalmans wrote:

Wow our 5250s can do 30,000 tunnels.  Do we know what the GRE througput performance looks like?  I know IPSec and GlobalProtect SSL tunnels have limited max bandwitdh but I've always heard GRE has the potential to be closer to standard network speeds.

 

 

*edit* I just downloaded GP 5.0 64-bit for Windows.  It's a completely different interface than the 4.x client!  Definitely will play around with it.  Can't wait for the Android version.


I have to admit I've been using the 5.0 beta for a while now, but I don't recall any major interface differences between 4.1 and 5.0. I could simply be forgetting about them, or you could have been using 4.0 which 5.0 is a noticeable improvement over (even more so if using a 3.* agent).

 

As for the GRE throughput  I haven't tested this feature in-depth on the production release and giving a bandwidth rating on the beta wouldn't be fair. From the limited testing that I did it was noticeably faster than IPSec tunnels as one would expect. 

L6 Presenter

Re: PAN-OS 9.0 Released - Stop and Think


@jsalmans wrote:

 

  • Multiple categories for URL filtering is definitely cool and could allow more granual control
  • Cisco SGT

 

 

These two features were eye catchers for me as well. Regarding SGT incorporation your FW deployment needs to be L2 or vwire, so admins just need to be mindful of that.  (Hopefully L3 integration will come in the future, not sure how likely that is though.)

 

There's also VXLAN inspection and security policy enforcement on traffic in said tunnel (without the need for terminating the tunnel on the box) as well which is really cool I think.

L4 Transporter

Re: PAN-OS 9.0 Released - Stop and Think

@jsalmans

 

Odd, I downloaded the 5.x version of GP and it looked exactly the same as the 4.x version I was running. Also the Android version was redesigned a while ago and looks beautiful compaired to the previous version. Not sure why so many people posting here are seeing different things with these clients... 

L7 Applicator

Re: PAN-OS 9.0 Released - Stop and Think

@hshawn,

The 5.0 GP agent hasn't been overhauled for any client outside of iOS, I just went back and checked 4.0 and 4.1. While the Android version definately looks better than it did when it first launched, the iOS redesign is vastly improved and what 5.0 should look like on Android when it officially launches. 

L4 Transporter

Re: PAN-OS 9.0 Released - Stop and Think

I just checked the patch notes.  We're running 4.0.x currently and the visaul improvement came in 4.1:

 

"GlobalProtect app 4.1 for Windows and macOS endpoints introduces an enhanced user experience through a more modern and streamlined user interface and a more intuitive connection process. The new app features simplified workflows that enable end users to view and modify GlobalProtect app settings, manage notifications from a central location, and connect to or disconnect from GlobalProtect more seamlessly."

L4 Transporter

Re: PAN-OS 9.0 Released - Stop and Think

@BPry

 

Interesting, I just checked. I am running version 5.0.0 on Android 9 right now. It is the nice blue image with the single connect and disconnect button in the center

L7 Applicator

Re: PAN-OS 9.0 Released - Stop and Think

@hshawn,

You aren't a member of the Android beta are you? 5.0.0 is definately still only officially available in the beta channels with the new UI, and I haven't seen any official public releases being pushed out just yet. They could be pushing it to Play and letting Google do a phased roll-out to production however. 

 

L4 Transporter

Re: PAN-OS 9.0 Released - Stop and Think

@BPryhow does one get signed up for the beta?  I was in the beta for 4.0 or maybe one of the later 3.x versions but I think it was only for that version... I haven't seen beta community forums or emails for a long while.

L7 Applicator

Re: PAN-OS 9.0 Released - Stop and Think

@jsalmans,

I think officially to get started again you are supposed to contact your SE. That being said you could likely email beta-access@paloaltonetworks.com to get the ball rolling again and they would help you get your account and SNs registered. I know that Warren is always looking for new Beta members. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!