Upgrade to 7.1.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Upgrade to 7.1.0

L6 Presenter

I upgraded our lab palo to 7.1.0 last night.  Has anyone else upgraded anything in their enviornment yet?  I don't plan on doing anything in our production enviornment until at least 7.1.1 or 7.1.2.

 

Not really having much time yet I don't have much to say other than I'm looking forward greater awareness from things like the SaaS reports as well as the extra 10 or 12 cipher suites that are supported in 7.1.0 over prior versions.

 

Gotta say though I'm not digging the new look/feel of the GUI.  The sharp lines/edges make the view feel "old."

26 REPLIES 26

L6 Presenter

Question for the "Palo" people on the site:

 

EBLs, formerly Dynamic Block Lists, now being able to use URLs; Can/How (can) we use EBLs with URLs in a URL Profile?  

L7 Applicator

Gotta say though I'm not digging the new look/feel of the GUI.  The sharp lines/edges make the view feel "old."



It grows on you.  It took me a week or two to get used to it (during beta), but now I prefer the new style... and that's after 4yrs+ of experience with the previous GUI design.  Hopefully you experience the same.  

L3 Networker

Upgraded my lab. Running the final for 2 days now.

 

Finally the ECDHE ciphers for the SSL proxy are there, and they work!

Only  inbound ssl decyption with ECDHE ciphers don't work for me.

 

For now i am satisfied.

 

  

Looking to upgrade to take advantage of the new ciphers, but will probably wait until 7.1.2 or 7.1.3.  We got bit with the SSL memory leak in 7 and I need to make sure things are stable.  Right now EHDCE ciphers are killing us as we do overrides weekly.   Much needed feature.

yeah no way I'm risking my neck putting it in prod yet.  There are A LOT of "known issues" for 7.1.0.  I'll wait for that list to be pared down.

L2 Linker

I'm eager to update, but feel the same way.  Wait until 7.1.1 or later.  There are a few things I really like:

 

* Commit Queues (commits take forever on our PA-500)

* GP for chrome

* Unified logs

* External Dynamic Lists

* PFS for SSL

 

We're not affected by any of the known issues.  How safe do you think it would be to update now, versus waiting?  We have a HA pair, so I could always upgrade one of them, and turn Off HA and see how things run.  

 

 

Personally I wouldn't do it.

 

But you can review the "known issues."  See if any surround anything you'd be implementing in your enviornment.  If there isn't anything there theoretically you might be "safe."  Even then I'd talk to your SE and get their take.  Then I'd tell management that you're upgrading to this new software but there could be a potential that things could go horribly wrong.  Give them your thought on how you'd fix it quickly.

 

If after all that management is comfortable and you're comfortable...Go for it.

 

Personally I'd just wait the 6 more weeks for at least 7.1.1 to come out.

@brucegarlock Commits are great in 5060s.  hahaha

Brandon_Wertz I am jealous 🙂

 

I've started looking at my back-out plan, but you are right - I should just wait a bit and be patient.  🙂

 

 

Trust me I'm feeling froggy with all the extra features 7.1 has, but I prefer to keep my job.  So I sit and wait...waiting to play with the shinies...Begging for me to bring them out to play.

I'll be upgrading my panorama to 7.1, but holding off on the firewalls until later, like 7.1.2 unless I need the feature sooner.

L4 Transporter

I had a chance to play with it in beta, but not quite as much as I would have liked too.

 

I installed it on a lab PA-200 yesterday from a perfectly working version of 7.0.6.

 

I am having some decrypt issues with websites again.  Sites such as Google Earth, Bing maps, banking websites, etc. are spinning and spinning in Chrome, IE, and Edge eventually come up, but continue to spin.  Search boxes where you would expect to see auto-populated data (say Bing maps) don't work.  Disabling the decrypt SSL rul instantly resolves the issue.

 

I'll probably open a ticket with Palo Alto again for investigation.  It always seems to boil down to features that I feel we need the most as engineers not working correctly.

 

Matt

@Brandon_Wertz, about EBL/EDL, I have created the following to show how to use the EBL in a URL filtering policy here:

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Videos/PAN-OS-7-1-URL-Filtering-Dynamic-Block-List-E...

 

I hope this answers this question.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Exactly what I was looking for thanks @jdelio

  • 8413 Views
  • 26 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!