Upgrade to 7.1.0

Reply
L6 Presenter

Upgrade to 7.1.0

I upgraded our lab palo to 7.1.0 last night.  Has anyone else upgraded anything in their enviornment yet?  I don't plan on doing anything in our production enviornment until at least 7.1.1 or 7.1.2.

 

Not really having much time yet I don't have much to say other than I'm looking forward greater awareness from things like the SaaS reports as well as the extra 10 or 12 cipher suites that are supported in 7.1.0 over prior versions.

 

Gotta say though I'm not digging the new look/feel of the GUI.  The sharp lines/edges make the view feel "old."

L6 Presenter

Re: Upgrade to 7.1.0

Question for the "Palo" people on the site:

 

EBLs, formerly Dynamic Block Lists, now being able to use URLs; Can/How (can) we use EBLs with URLs in a URL Profile?  

L7 Applicator

Re: Upgrade to 7.1.0


Gotta say though I'm not digging the new look/feel of the GUI.  The sharp lines/edges make the view feel "old."



It grows on you.  It took me a week or two to get used to it (during beta), but now I prefer the new style... and that's after 4yrs+ of experience with the previous GUI design.  Hopefully you experience the same.  

L3 Networker

Re: Upgrade to 7.1.0

Upgraded my lab. Running the final for 2 days now.

 

Finally the ECDHE ciphers for the SSL proxy are there, and they work!

Only  inbound ssl decyption with ECDHE ciphers don't work for me.

 

For now i am satisfied.

 

  

Highlighted
L2 Linker

Re: Upgrade to 7.1.0

Looking to upgrade to take advantage of the new ciphers, but will probably wait until 7.1.2 or 7.1.3.  We got bit with the SSL memory leak in 7 and I need to make sure things are stable.  Right now EHDCE ciphers are killing us as we do overrides weekly.   Much needed feature.

L6 Presenter

Re: Upgrade to 7.1.0

yeah no way I'm risking my neck putting it in prod yet.  There are A LOT of "known issues" for 7.1.0.  I'll wait for that list to be pared down.

L2 Linker

Re: Upgrade to 7.1.0

I'm eager to update, but feel the same way.  Wait until 7.1.1 or later.  There are a few things I really like:

 

* Commit Queues (commits take forever on our PA-500)

* GP for chrome

* Unified logs

* External Dynamic Lists

* PFS for SSL

 

We're not affected by any of the known issues.  How safe do you think it would be to update now, versus waiting?  We have a HA pair, so I could always upgrade one of them, and turn Off HA and see how things run.  

 

 

L6 Presenter

Re: Upgrade to 7.1.0

Personally I wouldn't do it.

 

But you can review the "known issues."  See if any surround anything you'd be implementing in your enviornment.  If there isn't anything there theoretically you might be "safe."  Even then I'd talk to your SE and get their take.  Then I'd tell management that you're upgrading to this new software but there could be a potential that things could go horribly wrong.  Give them your thought on how you'd fix it quickly.

 

If after all that management is comfortable and you're comfortable...Go for it.

 

Personally I'd just wait the 6 more weeks for at least 7.1.1 to come out.

L6 Presenter

Re: Upgrade to 7.1.0

@brucegarlock Commits are great in 5060s.  hahaha

L2 Linker

Re: Upgrade to 7.1.0

Brandon_Wertz I am jealous :-)

 

I've started looking at my back-out plan, but you are right - I should just wait a bit and be patient.  :-)

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!