5.0.3 - ready for production?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

5.0.3 - ready for production?

L4 Transporter

Hi

I have PA200 with 4.1.10, and I'd like to use few new features from 5.0.x series, and I hope that my problems with QoS will gone

Is it in your opinion (taken from real life) 5.0.3 ready for production environment?

Last time  (user id issue) testing team didnt work well in PA, did you discovered or heard about any new issues in 5.0.3?

what I pay attention before the upgrade (I've never done transition from 3.x to 4.x),  Of course I will have the recovery procedure on a desk.



With reagrds

SLawek

21 REPLIES 21

L6 Presenter

I did not see any problems with 5.0.3 but it is early and most bugs are related to environments.There will be no any panos without any bug but we are using 5.0.3 for production with some customers.

From the reactions in this community forum 5.0.3 seems (so far) to be far more stable than previous releases - however users might have been scared off by the bad things happening to 5.0.0, 5.0.1 and 5.0.2 so its now more of a waiting game for everybody involved.

But as long as you can do a fast rollback (that is make sure you have your licenses, panos-releases AND configurations backuped properly) and monitor the installation live (that is dont install 5.0.3 and go home for the day :smileysilly:) I think you should be fine with 5.0.3 (with a fat disclaimer that noone, so far, seems to have found any major issue with 5.0.3 😉

L2 Linker

5.0.1h1 seems a perfectly stable release on the PA-200.

If you are anxious to get up on 5.0, I think 5.0.3 makes sense. You can always go back to 5.0.1h1 (on PA-200). Do realize that there is no roll back to 4.x (if you update your config at all, which presumably you will)

Hi

Thats good news, so I will prepare to upgrade to 5.0.3 and roll back to 5.0.1.h1

L4 Transporter

Hi

I tryed to download 5.0.3 image, after progress bar rised 100% I cant see "downloaded" status in Device > Software, so I tryed to download 5.0.0 but with the same resaults.

In system log I cant find any errors related to PAN software, what is going on?

I have 4.1.0, 4.1.6, 4.1.8, 4.1.10 downloaded to my device. Its occupied some space. How to verify how much free space is left ?

Regards

SLawek

You'll first have to upgrade to the PANOS 5 base image - i.e. 5.0.0 first then 5.0.3. My experience so far with 5.0.2 and 5.0.3 is great. No issues seen thus far. The built-in agentless User-ID is a nice addition. Overall the performance is much better in terms of commit times, generating reports and searching the logs.

can you do a "show system disk-space"

try to delete old version files from webgui or cli ( delete software ....)

and download 5.0.0 see if shows downloaded or not

L4 Transporter

Before delete:

Filesystem        Size  Used Avail Use% Mounted on
/dev/sda3         1.9G  1.3G  540M  71% /
/dev/sda5         6.6G  3.8G  2.5G  61% /opt/pancfg
/dev/sda6         1.9G  822M 1011M  45% /opt/panrepo
tmpfs             1.3G   37M  1.2G   3% /dev/shm
/dev/sda8         2.4G  1.9G  401M  83% /opt/panlogs

after I deleted 4.1.0:

Filesystem            Size  Used Avail

/dev/sda3             1.9G  1.3G  540M

/dev/sda5             6.6G  3.8G  2.5G

/dev/sda6             1.9G  822M 1012M

tmpfs                 1.3G   37M  1.2G

/dev/sda8             2.4G  1.9G  401M

why I cant see differences?

now i downloaded 5.0.0 to my device without a problem.

after you deleted you downloaded without problem.So this makes issue resolved.

with that show disk command we cannot see that space maybe.Maybe there is a way for that but I do not know how.But deleting unused images make it clear.

also for panos 5 there is a new command

https://live.paloaltonetworks.com/docs/DOC-4687

L4 Transporter

I believe the recent trainwreck involving today's BrightCloud update that essentially broke all URL categorization (all URLs are categorized as unknown) speaks volumes about 5.0's readiness for production. I believe only the 5.0 codebase was affected.. I haven't seen anyone complaining about 4.1 having the problem.

All sites registering as "unknown"

mmartin wrote:

Came in today with users screaming that they were getting blocked on all websites.  Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google.  Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.

Tricky part in that case is that since BrightCloud was bought by Webroot there have been too many odd behaviour when it comes to the URL-DB. Like broken updates, updateservers not reachable etc (according to posts in this community forum).

Just saying that the latest breakdown of the URL-DB doesnt necessary can be blamed on the PANOS 5.0 release quality Smiley Wink

And speaking of which - those of you who use PA's own URL-DB (instead of Brightcloud), any problems for you yet with broken updates or such?

Don't the PA appliances check in to and receive their BrightCloud updates from PA servers? If that's the case then PA is on the hook for this.

If the PA appliances reach straight out to BrightCloud for their updates then I agree, I'm more inclined to give PA a "pass" on this one

Just FYI...

I have a PA4020 running 5.0.3 and I have a PA5020 running 4.1.8.

The 4020 running 5.0.3 is affected by the "unknown" category issue.

The 5020 running 4.1.8 seems to be unaffected... categories seem to be working fine.

Today I upgarded my device. But of course I run into some problems.

Upgrade to 5.0.0 went OK

On PA200 I had 4.1.10 5.0.0 firmware and I have 5.0.3 on my laptop (beacause I cant download it to my device). I tryed x2 to upload it to my device, but after successful upload it doesnt appear as downloaded.

I had to download it from GUI. Finally I get it on my device

  • 7381 Views
  • 21 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!