5.0.3 - ready for production?

Reply
Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

I believe the recent trainwreck involving today's BrightCloud update that essentially broke all URL categorization (all URLs are categorized as unknown) speaks volumes about 5.0's readiness for production. I believe only the 5.0 codebase was affected.. I haven't seen anyone complaining about 4.1 having the problem.

All sites registering as "unknown"

mmartin wrote:

Came in today with users screaming that they were getting blocked on all websites.  Finally extracted enough information from them that the category was coming up as “unknown” for all sites…even Google.  Decided it had to be an issue in the URL filtering…updated to latest Brightcloud…no change.

Highlighted
L6 Presenter

Re: 5.0.3 - ready for production?

Tricky part in that case is that since BrightCloud was bought by Webroot there have been too many odd behaviour when it comes to the URL-DB. Like broken updates, updateservers not reachable etc (according to posts in this community forum).

Just saying that the latest breakdown of the URL-DB doesnt necessary can be blamed on the PANOS 5.0 release quality :smileywink:

And speaking of which - those of you who use PA's own URL-DB (instead of Brightcloud), any problems for you yet with broken updates or such?

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

Don't the PA appliances check in to and receive their BrightCloud updates from PA servers? If that's the case then PA is on the hook for this.

If the PA appliances reach straight out to BrightCloud for their updates then I agree, I'm more inclined to give PA a "pass" on this one

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

Just FYI...

I have a PA4020 running 5.0.3 and I have a PA5020 running 4.1.8.

The 4020 running 5.0.3 is affected by the "unknown" category issue.

The 5020 running 4.1.8 seems to be unaffected... categories seem to be working fine.

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

Today I upgarded my device. But of course I run into some problems.

Upgrade to 5.0.0 went OK

On PA200 I had 4.1.10 5.0.0 firmware and I have 5.0.3 on my laptop (beacause I cant download it to my device). I tryed x2 to upload it to my device, but after successful upload it doesnt appear as downloaded.

I had to download it from GUI. Finally I get it on my device

Highlighted
L5 Sessionator

Re: 5.0.3 - ready for production?

When a device attempts to pull an update (or do a dynamic URL lookup) from BrightCloud, the device connects directly to BrightCloud's servers for this information, not the Palo Alto Networks update server.

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

Do you guys have any updates on why 5.0 was affected but 4.1 wasn't? It's really curious why the update affected one version and not another.

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

quinton schrieb:

You'll first have to upgrade to the PANOS 5 base image - i.e. 5.0.0 first then 5.0.3.

Not true. You just need to download the 5.0 image and the donwload and install 5.0.3.

Highlighted
L4 Transporter

Re: 5.0.3 - ready for production?

mikand schrieb:

And speaking of which - those of you who use PA's own URL-DB (instead of Brightcloud), any problems for you yet with broken updates or such?

No Problems so far with 5.0.3 and PANDB.

Highlighted
Not applicable

Re: 5.0.3 - ready for production?

I've upgraded to 5.0.3 and seem to be having issues with web filtering. I was on version 5.0.1 prior and everything worked fine. Now all of the url categories that are set to blocked aren't working.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!