I'm quite disappointed in Palo Alto's approch to not make 9.0 supported on the 5000 (i.e 5020, 5060, etc.) For a customer that purchased their equipment right before th 5200s came out it seems we (and probably many others) were screwed over on this deal. Palo's approch when I discussed this was "you'll have to upgrade." Ya that's all fine and good if you want to fork out another $250K for a pair fully licensed. As an enterprise customer I would hope to get 5 years out of them but that dones't look to be possible IF we need some of the featuers in 9. Now I'll admit that we wouldn't go to it until at least 9.0.6 or .7 so maybe a year out but that still is less than what we're hoping to get out of them. I can see maybe not doing this on a 200 or 3000 but the 5000 should have more than enough power to handle it. Just a major downer by PAN on this one.
I'm not sure how much I can get into specifics due to it being brought up in an NDA conversation, but the 5000s are spec'd high enough to handle 9.0, but they lack the proper hardware compodents to make all the features work/work as suspected. Instead of branching the codebase it's easier for Palo Alto to simply drop any *000 series firewalls than having a 9.0 that can do certain things and one that can't due to platform.
If you want to get into specifics you'd need to reach out to your SE and have them setup a meeting with the proper folks from Palo Alto, but that may or may not put you under an NDA about the specifics (This was prior to 9.0 being publically released so all talks I was having on the matter were NDA, you might not actually need one anymore?).
The plan follows the same standard that Palo Alto has published for any other hardware. As of January 31st 2019 they entered into the remaining 5 years of software support and will hit EoL January 31st 2024. PAN-OS 8.1 will have extended support for the PA-5000, PA-200, PA-500, and M-100 up-to the EoL date, whereas all other hardware platforms will lose PAN-OS 9.1 support on March 1st 2022.
Also just a quick note here:
End of Sale was announced on August 1st 2018 for the PA-5000 series. If your SE and AM weren't strongly recommending that you move to something else during the sales process from that date forward I would request a new one be assigned to your account and refuse to work with them going forward.
The 5000s end of sale was January 31, 2019. What are the plans if people bought them in December/January? Is the approch, "well you're screwed" buy new?
I think your account team was less than forward thinking if they recently sold you a 5020 pair. I would think if you guys escalated with your leadership to Palo you might get some sort of a credit. We were being pushed by our account team almost 2 years ago to replace our 5060s with 5200 series platforms.
I think the pricepoint of a 5200 is ~1/3 the cost of a 5000 series.
--edit-- Totally agree with @BPry sentiment of your account team's work on your recent HW purchase
I've not asked to see the "NDA specs" of a 5020, but I'd wager a good guess you could buy a 3250 now and get better throughput on the 3250 with 10G network capabilty (something you don't get on the 5020) for WAY WAY WAY cheaper than the 250k you referenced probably **bleep** (--edit-- hahahaha can't type D A M N lol) near $150k+ cheaper!
Just FYI...Something to think about.
@BPry pan did not drop 9.0 support for all x000 series
3000 serries are supported for 9.0
But the pan-os 9 http/2 insection feature is not available for the 3000 series :(
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!